Internal Quality Auditors

Learning Sessions

Table of Content
1. Auditing the Design and Development Process 2. Auditing Customer Communication 3. Auditing Competence and Effectiveness of Actions Taken 4. Audit Finding Evaluation

Auditing the Design and Development Process ISO 9001:2008 clause 7.3

Meaning: refers only to design and development of products and services. not design and development of processes, although it can be beneficial to apply the methodology of clause 7.3 to the latter.

Auditing the Design and Development Process

Auditing Objective:
Determine whether the process is managed and controlled to enable products to meet their intended use and specified requirements.

Note: Auditing Design and Development Process for Service organization may be different from traditional manufacturing organization.

What is Product Design and Development?

Product Requirement

Transform into

Specified Product Characteristics

i.e. specifications, statutory requirements and specific or implied customer requirements

distinguishing features of the product

Examples of product characteristics ISO 9000:2005 clause 3.4.1

1.
2.

3. 4. 5. 6.

Physical (e.g. mechanical, electrical, chemical or biological characteristics) Sensory (e.g. related to smell, touch, taste, sight, hearing) Behavioral (e.g. courtesy, honesty, veracity) Temporal (e.g. punctuality, reliability, availability) Ergonomic (e.g. physiological characteristic, or related to human safety) Functional (e.g. maximum speed of an aircraft)

How to evaluate if exclusion of 7.3 is correct?

Establish who is responsible for defining the characteristics of product or service together with how and when it is carried out.
ISO 9001:2008 Clause 1.2 Application
are not acceptable unless these exclusions are limited w/in Clause 7, and such exclusions do not affect the organizations ability, or responsibility, to provide product that meets customer and applicable statutory and regulatory requirements.

Each stage has specific deliverables that cover both the commercial and technical aspects of design and development of a product. In some cases, organizations might be able to justify the exclusion of certain sub-clauses or individual requirements from their QMS without necessarily excluding the entire clause.

How to start?
Establish what design and development projects have been, and are currently being undertaken.
= select a sufficient number of projects to be able to audit all stages of the design process

How to evaluate if there is on-going D&D activity?

Validate by: Ensuring that no changes have been effected to the previous design

Reviewing relevant documents and records such as:

1. Relevant document to find out whether any amendment has been issued during the review period. 2. Customer feedback to find out whether any design-related comment has been received and auditee has taken appropriate action. 3. Nonconformity reports to find out whether any designrelated NCs have been recorded.

Records that we can take a look at

7.3.2 Design and development inputs relating to product requirements 7.3.4 Results of design and development reviews and any necessary actions 7.3.5 Results of design and development verification and any necessary actions 7.3.6 Results of design and development validation and any necessary actions 7.3.7 Results of the review of design and development changes and any necessary actions

Auditing the need for design & development

Triggering factors:
the organizations strategic planning; market intelligence and research; service reports; customer feedback and demand; new or changed statutory and regulatory requirements; process changes; new technology; suppliers.

(7.3.1) Auditing design and development planning

ISO 9001:2008 Clause 7.3.1 The organization shall plan and control the design and development of product. During the design and development planning, the organization shall determine
a. b. c. The design and development stages, The review, verification and validation that are appropriate to each design and development stage, and The responsibilities and authorities for design and development.

The organization shall manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility.
Planning output shall be updated, as appropriate, as the design and development progresses.

ISSUES to CONSIDER:

what is the overall flow of the design planning process? how is it described? what resources and competencies are required? what part of the design will be outsourced? who is responsible and are the authorities defined? how are (internal and external) interfaces between various groups identified and managed? are the required verification, validation and review points defined? are the main milestones and timelines identified? is the implementation and effectiveness of the plan monitored? is the plan updated and communicated to all relevant functions as necessary?

(7.3.2) Auditing design and development inputs

ISO 9001:2008 Clause 7.3.2 Inputs relating to product requirements shall be determined and records maintained. These inputs shall include a) b) c) d) Functional and performance requirements Applicable statutory and regulatory requirements Where applicable, information derived from previous similar designs, and Other requirements essential for design and development.

The inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with each other.

(7.3.2) Auditing design and development inputs When auditing the design and development inputs, auditors should develop an understanding of how the organization identifies its own inputs based on:
the organizations products and processes; financial, environmental, health and safety issues; organizational risks and impacts; customers requirements and expectations; statutory and regulatory requirements applicable to the product .

(7.3.2) Auditing design and development inputs Auditors should evaluate the risks, the possible implications for customer satisfaction, and issues that the organization may encounter if some relevant inputs are not considered.

(7.3.3) Auditing design and development outputs

ISO 9001:2008 Clause 7.3.3 The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release. Design and development outputs shall
a) b) c) d) Meet the input requirements for design and development Provide appropriate information for purchasing, production and service provision, Contain or reference product acceptance criteria, and Specify the characteristics of the product that are essential for its safe and proper use.

Note: Information for production and service provision can include details for the preservation of products.

(7.3.3) Auditing design and development outputs D&D outputs should comply with the identified needs in order to ensure that the resulting product can fulfil its intended use. Outputs can include information relevant to the following:
marketing, sales and purchasing; production; quality assurance; information for service provision and maintenance of the product after delivery and, should be provided in a form that enables verification and validation activities to be performed.

(7.3.3) Auditing design and development outputs

Auditors should obtain evidence from the projects selected to confirm that:
information regarding the completion of design and development stages is available; the design and development process has been completed for the stage under review; design and development outputs have been confirmed

(7.3.4) Auditing the design and development

process and design reviews

ISO 9001:2008 Clause 7.3.4 At suitable stages, systematic reviews of desig and development shall be performed in accordance with planned arrangement (see
7.3.1)

a) b)

To evaluate the ability of the results of the design and development to meet requirements, and To identify any problems and propose necessary actions.

Participants in such reviews shall include representatives of functions concerned with the design and development stage(s) being reviewed. Records of the results of the reviews and any necessary actions shall be maintained.

(7.3.4) Auditing the design and development process and

design reviews

Auditors should
verify that the overall design and development process is controlled in accordance with the organizations original plan being reviewed the design and development reviews take place at appropriate planned stages Participated by representatives from concerned/related functions

(7.3.4) Auditing the design and development

process and design reviews

The following issues should be considered by auditors when examining the review process:
do reviews occur at planned stages throughout the design process? are the reviews carried out in a systematic way involving representatives of the functions concerned with the stage(s) being reviewed? have all original and any new inputs been considered ? are the original outputs still relevant or have revised outputs been identified? have revised inputs and outputs been reviewed and approved by those with the relevant responsibility and authority (including the customer where appropriate)? does the output demonstrate the suitability, adequacy and effectiveness of the designed product? are the relevant design objectives being achieved? are there adequate records of reviews?

(7.3.5) Auditing design and development verification

ISO 9001:2008 clause 7.3.5 Verification shall be performed in accordance with planned arrangements (see 7.3.1)to ensure that the design and development outputs have met the design and development input requirements. Records of the results of the verification and any necessary actions shall be maintained (see 4.2.4)

(7.3.5) Auditing design and development verification

Design and development verification is aimed at providing assurance that the outputs of a design and development activity have met the input requirements for this activity as shown in Figure 2 below.

(7.3.5) Auditing design and development verification

Verification can comprise activities such as: performing alternative calculations; comparing a new design specification with a similar proven design specification; undertaking demonstrations including prototypes, simulations or tests; and, reviewing documents prior to issue.

(7.3.5) Auditing design and development verification

Auditors should determine that the design and development verification activities should provide confidence that: required verifications are planned and that verification is performed as appropriate during the design and development process; the completed design or development is acceptable and the results are consistent with and traceable to the initial requirements; the completed design or development is the result of implementation of a proper sequence of events, inputs, outputs, interfaces, logic flow, allocation of timing, etc; the design or development provides safety, security, and compliance with other requirements and design inputs; evidence is available to demonstrate that the verification results and any further actions have been recorded and confirmed when actions are completed.

Auditors should determine that only verified design and development outputs have been submitted to the next stage, as appropriate.

(7.3.6) Auditing design and development validation

ISO 9001:2008 Clause 7.3.6 Design and development validation shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, where known. Wherever applicable, validation shall be completed prior to the delivery or implementation of the product. Records of the results of validation and any necessary actions shall be maintained (see 4.2.4).

(7.3.6) Auditing design and development validation

confirmation by examination, provision of evidence, that the particular requirements for specific intended use are fulfilled. Is the validation process capable of checking that the final product and/or service will meet, or does meet, the customers needs when it is in use ?
Validation methods should be specified as part of the design and development planning process, although these could be modified during the realization of design and development.

(7.3.7) Auditing design and development changes

ISO 9001:2008 Clause 7.3.7 Design and development changes shall be identified ad records maintained. The changes shall be reviewed, verified and validated, as appropriate, and approved before implementation. The review of design and development changes shall include the evaluation of the effect of the changes on constituent parts and product already delivered. Records of the results of the review of changes and any necessary actions shall be maintained (see 4.2.4)

(7.3.7) Auditing design and development changes

Changes to design and development shall be: Identified Reviewed Verified and validated, as appropriate Approved before implementation Records maintained

(7.3.7) Auditing design and development changes

Review of changes shall include: Evaluation of the effect of the changes on constituent parts and product and products already delivered Maintain records of the results of review and any necessary actions

(7.3.7) Auditing design and development changes

Design and development changes made during the design process need to be controlled. Auditors should consider the following : are the sources and requests for changes properly identified and communicated? is the impact of any change evaluated? is any additional design proving or testing undertaken where appropriate? are the effects of the changes on constituent parts and product already delivered evaluated? has appropriate approval been given before a change is implemented (this could include statutory or regulatory approval or approval by the client)? are the changes fully documented and do records include information regarding any necessary additional actions?

KEY POINTS IN SUMMARY

1) Plan design activities, 2) Determine the requirements, 3) Execute the initial design, 4) Test the design to see if it met requirements, 5) Change the design if you have to until you can confirm you met the requirements, 6) Document the process, specs and changes, and 7) Get the customer to confirm it's what they wanted.

End of Session 1

Auditing Customer Communication

Learning Session 02

Importance of Customer Communication

Requirements
ISO 9001:2000 clause 7.2.3 : Customer communication
The organization shall determine and implement effective arrangements for communicating with customers in relation to a) product information, b) enquiries, contracts or order handling, including amendments, and c) customer feedback, including customer complaints.

Other ISO 9001:2008 requirements regarding Customer Communication

Clause 5.2 Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction Clause 7.2.2 The organizations review of the requirements related to the product conducted prior to the organization's commitment to supply a product to the customer (e.g. submission of tenders, acceptance of contracts or orders, acceptance of changes to contracts or orders); Clause 7.2.2 Where the customer provides no documented statement of requirement, the customer requirements shall be confirmed by the organization before acceptance; the organization needs to have a system in place to obtain those requirements. Clause 8.3b Authorizing the use of non conforming product by release or acceptance under concession by a relevant authority and, where applicable, by the customer.

Guidance from ISO 9004:2000 (clause 7.2)

Processes related to interested parties Management should ensure that the organization has defined mutually acceptable processes for communicating effectively and efficiently with its customers and other interested parties. The organization should implement and maintain such processes to ensure adequate understanding of the needs and expectations of its interested parties, and for translation into requirements for the organization

Verifying the effectiveness of customer communications

Verifying the effectiveness of customer communication is therefore a critical component for achieving customer satisfaction. Although there is no specific requirement in ISO 9001:2000 for a documented procedure, depending on the size, complexity and culture of the organization it may be necessary to have one in order to ensure effective implementation of the customer communication process. ISO 9000 defines the term customer as the recipient of the product. It further gives examples of customers including the end user. Many organizations sell their products / services through dealers and retailers and may not be receiving orders directly from the end users. It is important for the auditor to verify how the organization communicates about the quality of its product / service to the end users and also the mechanism for obtaining a feedback (besides complaints) from the end users. It should be recognized that the needs of the dealers / retailers may at times be different from those of the end users.

The auditors approach - 1

Customer communication falls in three general categories: An organizations general communication to existing or potential customers such as advertisements or marketing information, Specific information relating to a customer enquiry, requirement or order, and

Communication in response on customer feedback and complaints

The auditors approach - 2

Some or all of the following means of an organizations general customer communication may be observed by the auditor: Product information, which includes
advertising material web sites product catalogues

Where the organization receives orders from dealers and not the end users, the auditor should establish that the product information available to the end users (pamphlets, brochures, web sites etc) describes the product / service adequately and accurately. The auditor should also try to establish how the customer needs have been identified and product specifications arrived at.

The auditors approach - 3

Verify the product information to confirm that it is readily available to customers or potential customers and provides information that is up-to-date and accurate.

Query/take a look into, for example, how often advertising material, web sites and product catalogues are reviewed to reflect the organizations current product offerings and services and what measures are taken if a particular product is modified, discontinued or no longer available.

The auditors approach - 4

Some or all of the following means of an organizations specific customer communication may be observed by the auditor: Enquiries, contracts or order handling, including amendments
quotations order forms confirmation of order amendment to order delivery documentation invoices credit notes e-mail & general correspondence visit reports or notes to/from customer

Customer feedback and complaints management process

Letters in response to complaints Acknowledgments

The auditors approach - 5

There are also further instances where the auditor will experience the organizations communication with the customer:
During the ordering process where the customer provides no documented statement of requirement, the organization needs to have a system in place to obtain or confirm these customer requirements before the organization accepts the order. During the design/development process there may be considerable communication between the organization and the customer. During the process of authorizing the use of non conforming product by release or acceptance under concession by a relevant authority and, where applicable, by the customer

The auditors approach - 6

The auditor would use normal trace methods to verify compliance with the customer communications requirements of ISO 9001 and whether the organization communicated effectively with the customer in the execution of the enquiry, contract or order.

Auditing Competence and Effectiveness of Actions Taken

ISO 9001:2008 Clause 6.2.2 : Competence, training and awareness

The organization shall: a) b) Determine the necessary competence for personnel performing work affecting conformity to product requirements, Where applicable, provide training or take other actions to achieve the necessary competence, Evaluate the effectiveness of the actions taken, Ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives, and Maintain appropriate records of education, training, skills and experience (see 4.2.4).

c) d)
e)

How to start?
- Usually audited as part of a product realization process audit and not in isolation. - However, it is recognised that some organizations will have separate human resource processes, where most of the evidence needed can be found.

Things an organization needs to do to satisfy the requirement

Identify what competencies are required by personnel performing work which affects quality Identify which personnel already performing the work have the required competencies Decide what additional competencies are required Decide how these additional competencies are to be obtained training of personnel (external or internal), theoretical or practical training, hiring of new competent personnel, assignment of existing competent personnel to different work Train, hire or reassign personnel Review the effectiveness of actions taken to satisfy competence needs Periodically review competence of personnel

Other things to consider..

Throughout the process, the organisation is required to maintain appropriate records of education, training, skills and experience.

However, ISO 9001:2000 does not specify how the process will be established or the exact nature of the records to be maintained.

Issues that would be looked into

1. An organisation needs to identify what competencies are required by personnel performing work that affects quality. Guidance - The objective of the auditor should be to determine whether there is a systematic approach in place to identify these competencies and to verify that the approach is effective. The outcome of the process may be a list, register, database, human resources plan, competencies development plan, contract, project or product plan, etc.

Discussions could initially be held with top management to ensure they understand the importance of identifying the competencies required. These may also be a potential source of information regarding new or changed activities or processes, which may lead to different competency requirements in the organization. A review of competencies might also be needed when a new tender or contract is being considered. Evidence of this could be found in related records. Competence requirements may be included in contract documents where the activities of subcontractors can have an impact on processes and/or product quality characteristics. Auditors need to determine whether the organisation has identified new or changed competence needs during surveillance audits.

Issues that would be looked into

2. Are competent people assigned to those work place activities necessary to control the quality characteristics of its processes and products? Guidance - Verify that some form of evaluation process is in place to ensure that the competencies are appropriate to the organization's activities, and that the personnel selected as competent are demonstrating these competencies. Also, the process should ensure that any deficiencies are being acted upon and the effectiveness of personnel is being measured. Verify that the activities that affect quality are performed by persons selected as competent. Evidence may be obtained throughout the audit with an emphasis on those processes, activities, task and products where human intervention may have the greatest impact. The auditor may review job descriptions, testing or inspection activities, monitoring activities, records of management reviews, definition of responsibilities and authorities, nonconformity records, audit reports, customer complaints, processes validation records etc.

Issues that would be looked into

3. The organization needs to evaluate the effectiveness of the actions taken to satisfy the competence needs
Guidance - The organization may use a number of techniques including role-play, peer review, observation, reviews of training and employment records and/or interviews (see ISO 19011, Table 2, for further examples). The appropriateness of a particular evaluation method will depend on many factors.
For example, training records could be viewed to verify that a training course had been successfully completed (but note, this alone would not provide evidence that the trainee is competent). However, this same method would not be acceptable to evaluate whether an auditor performed satisfactorily during an audit. Instead, this may require observation, peer review, interviews, etc.. The organization may need to demonstrate the attainment of competence of its personnel through a combination of education, training and/or work experience.

Issues that would be looked into

4. Maintenance of competence.
Guidance The auditor needs to verify that some form of effective monitoring process is in place and being acted upon. Ways of doing this include a
continuing professional development process (such as the one described in ISO 19011), regular appraisals of personnel and their performance, or the regular inspection, testing or auditing of product for which individuals or groups are responsible.

Ongoing changes in competence requirements may indicate that an organization is proactive in maintaining personnel performance levels.

Guidance from ISO 9004:2000

6.2.2.1 Competence Management should ensure that the necessary competence is available for the effective and efficient operation of the organization. Management should consider analysis of both the present and expected competence needs as compared to the competence already existing in the organization.

Consideration of the need for competence includes sources as - Future demands related to strategic and operational plans and objectives - Anticipated management and workforce succession needs - Changes to the organizations processes, tools and equipment, - Evaluation of the competence of individual people to perform defined activities, and - Statutory and regulatory requirements, ad standards, affecting the organization and its interested parties.

Guidance from ISO 9004:2000

6.2.2.2 Awareness and Training Planning for education and training needs should take account of change caused by the nature of the organizations processes, the stages of development of people and the culture of the organization.

The objective is to provide people with knowledge and skills which, together with experience, improve their competence.
Education and training should emphasize the importance of meeting requirements and the needs and expectations of the customers and other interested parties. It should also include awareness of the consequences to the organization and its people of failing to meet the requirements.

Guidance from ISO 9004:2000

To support the achievement of the organizations objectives and the development of its people, planning for education and training should consider: - Experience of people - Tacit and explicit knowledge - Leadership and management skills - Planning and improvement tools - Teambuilding - Problem solving - Communication skills - Culture and social behavior - Knowledge of markets and the needs and expectations of customers and other interested parties, and - Creativity and innovation.

Guidance from ISO 9004:2000

To facilitate the involvement of people, education and training should also include - The vision for the future of the organization - The organizations policies and objectives - Organizational change and development - The initiation and implementation of improvement processes - Benefits from creativity and innovation - The organizations impact on society - Introductory programs for new people, and - Periodic refresher programmes for people already trained.

Guidance from ISO 9004:2000

Training plans should include: - Objectives, - Programmes and methods, - Resources needed, - Identification of necessary internal support, - Evaluation in terms of enhanced competence of people, and - Measurement of the effectiveness and the impact on the organization. The education and training provided should be evaluated in terms of expectations and impact on the effectiveness and efficiency of the organization as a means of improving the future training plans.

 How do you determine the necessary competence of our staff?

How do you handle new staff? Introduction plans?

In what areas do you need to elevate competence? In what way? How do you evaluate the effectiveness of the actions taken? Are your staff aware of the intent of your quality policy, quality objectives and how they contribute to fulfilling them?

Do you have the infrastructure you need?

Is the work environment good enough? How about the mood among the staff?

Audit Finding Evaluation

Scenario 1 :
Customer property (intellectual property) controlled by a bank

Situation:
A bank provides a variety of services to its customers (i.e. personal and company bank accounts), but chooses to implement a QMS only for its Internet banking services. For this service the bank has claimed conformity to ISO 9001:2008. The bank clearly states in its Quality Manual which services are covered by the QMS. The bank applies all the requirements of ISO 9001:2008 for the realization of its Internet banking services, with the exception of sub-clause 7.5.4 Customer property. The bank does not feel that it has possession of any customer property as part of its Internet banking services and has stated this in the justification for the exclusion of sub-clause 7.5.4 Customer property from its QMS.

Issue(s):
Can the bank exclude sub-clause 7.5.4 Customer property from its QMS and claim conformity to ISO 9001:2008?

Scenario 2 :
Exclusion of design and development by a contract manufacturer
Situation:
XYZ Electronics is building a new factory to perform manufacturing of mobile phones, as a subcontractor. It has only one customer and this customer maintains responsibility and authority for product design. XYZ Electronics is responsible for purchasing of all components and for performing the manufacturing activities. The customer provides XYZ with the manufacturing and parts specifications, and is also responsible for notifying XYZ of any design changes and providing the appropriate change information.
XYZ Electronics, in the development of its QMS, has excluded the requirements of ISO 9001:2008 sub-clause 7.3 Design and development. XYZ Electronics considers the customer specifications as a customer supplied product and therefore controls this according to ISO 9001:2008 sub-clause 7.5.4 Customer property.

Issue(s):
Can the XYZ Electronics exclude sub-clause 7.3 Design and development from its QMS and claim conformity to ISO 9001:2008?

Scenario 3 :
Regulators permit the exclusion of design development
Situation:
KML designs and fabricates pressure vessels for electricity generating stations, in accordance with various mandatory pressure vessel regulations. The regulatory authority has not yet revised its requirements to take ISO 9001:2008 into account, but has confirmed that it will continue not to require manufacturers QMSs to include design. On this basis KML decides to exclude sub-clause 7.3 Design and development from its QMS and to claim conformity to ISO 9001:2008.

Issue(s):
Can KML exclude sub-clause 7.3 Design and development from its QMS and claim conformity to ISO 9001:2008?

Scenario 4 : Outsourced design and development activities

Situation:

CDH Construction Ltd. provides engineering and construction services for various developers, but does not have in-house design capabilities. The company employs a project manager who is responsible for the management of design activities. These activities are outsourced to TPL Engineering Ltd, an engineering consulting company.
The activities of TPL Engineering Ltd. are managed through the application of the requirements of sub-clause 7.4 Purchasing. The project manager of CDH Construction Ltd. oversees the design activities and is involved in design review meetings and design verification and validation activities. In addition, the project manager is responsible for ensuring that the design activities are carried out in accordance with the requirements of ISO 9001:2008 sub-clause 7.3 Design and development. However, CDH Construction Ltd. has excluded subclause 7.3 Design and development from its QMS, since the design activities have been outsourced.
Issue(s):
Can CDH Construction Ltd. exclude sub-clause 7.3 Design and development from its QMS and claim conformity to ISO 9001:2008?

Scenario 5 : Traceability
Situation:
AKP Corp. is a company that manufactures electric motors for sale by licensed distributors. Traceability of the component parts of the product is not an internal or external requirement of this company. The organization has excluded the traceability requirement of subclause 7.5.3 Identification and traceability from its QMS, while claiming conformity to ISO 9001:2008.

Issue(s):
Can AKP Corp. exclude the traceability requirement of sub-clause 7.5.3 Identification and traceability from its QMS and claim conformity to ISO 9001:2008?

Scenario 6 : Design of services

Situation:
JWB is a consulting firm that performs internal audits for small organizations that have implemented quality management systems that conform to ISO 9001:2008. JWB developed its methodology and tools for performing customers internal audits based on the guidance of ISO 19011:2002. It delivers a customized service that has as its output a written internal audit report and all the supporting data from the audit. The organization wishes to exclude clause 7.3 Design and development with the justification that, as a service provider, it cannot have any design and development activities.

Issue(s):
Can JWB exclude sub-clause 7.3 Design and development from its QMS and claim conformity to ISO 9001:2008?

Scenario 7 : Post delivery activities

Situation:
The ABC consultancy organization provides financial auditing services to large manufacturing organizations. The product delivered to its customers is an internal financial audit report. Contracts for internal financial audit services state that a contract is completed when ABC has issued, clarified and reviewed its report with the customer, and that the customer has finally signed-off the report as being fully agreed; any activity beyond that the sign-off would be subject to a supplementary contract. The consulting firm claims its QMS conforms to ISO 9001:2008 with the exclusion of post-delivery requirement (f) of sub-clause 7.5.1.Control of production and service provision.

Issue(s):
Can the ABC consultancy organization exclude the post-delivery requirement in bullet (f) of sub-clause 7.5.1.Control of production and service provision from its QMS and claim conformity to ISO 9001:2008?

Scenario 8 : Validation of processes

Situation:
A small garment manufacturer carries out cutting work on textiles that are delivered to an internal sewing department for the next phase of the process. The quality of the output of the cutting work can be checked after finalization of the work. It has implemented a QMS and claims conformity to ISO 9001:2008 , with the exclusion of sub-clause 7.5.2 Validation of processes for production and

service provision.

Issue(s):
Can the small garment manufacturer exclude sub-clause 7.5.2 Validation processes for production and service provision from its QMS and claim conformity to ISO 9001:2008?

Scenario 9 : Monitoring and measuring devices

Situation:

A small training organization provides training to people who are not currently working and would like to upgrade their skills. The organization carries out practical skills training. In this process the participants practice the use of simple measuring equipment such as rulers, spirit levels and plumb lines. The organizations product is the skills development, and not the crafted items produced by the participants. The training organization has implemented ISO 9001: 2000 QMS and claims conformity to the standard with the exclusion of sub-clause 7.6 Control of monitoring and measuring

devices.
Issue(s):

Can the small training organization exclude sub-clause 7.6 Control of monitoring and measuring devices from its QMS and claim conformity to ISO 9001:2008.

Scenario 10 : Complex Organization (Global TV)

10.1 Introduction

This example illustrates some of the key issues a multinational organization with multiple work centres faces when implementing ISO 9001:2008 throughout the entire organization.
Global TV (GTV) is an organization that designs, manufactures, sells, distributes and services televisions (TVs) worldwide. GTV sells its product to retail outlets, which in-turn sell the TVs to end-user customers. Headquarters provides global support for quality management, all purchasing functions and sales and distribution contracts for its operations worldwide. GTV consists of a design centre, a sub-assembly plant, a manufacturing centre and a distribution centre, all of which are wholly owned by GTV. GTV management has decided to implement ISO 9001:2008 in all its facilities worldwide, and expects all facilities of GTV to have their own quality management system (QMS). However, not all facilities are required to obtain certification. In addition, all facilities have to comply with the contents of the corporate quality policy, which is To provide customers of GTV with products and services that meet their needs and expectations, and to continually improve the QMS.

Scenario 10 : Complex Organization (Global TV)

NOTE:

For the purpose of simplifying the example for a complex organization, the number of centres and plants has been reduced to one of each (design centre, sub-assembly plant, manufacturing centre and distribution centre).
ISO 9001:2008 allows for the exclusion of any requirement(s) within clause 7, where such exclusions do not affect the organizations ability or responsibility to consistently provide product that meets customer and applicable statutory and regulatory requirements. When applying clause 1.2 Application to a complex organization (Global TV) we have to take into consideration the organizations customer. Global TVs ultimate customer is the end user who purchases the product from a retail distributor. The customer of the individual centres and plants is the centre or plant that receives its product (i.e., the design centres customers are the subassembly plant and the manufacturing centre).

Scenario 10 : Complex Organization (Global TV)

Scenario 10.2: Manufacturing Centre (MC)

Situation:
MC receives orders from headquarters and delivers products to the distribution centre. It has established its QMS guided by, and in conformity with, the quality policy of GTV. All aspects of quality management required by ISO 9001:2008 are performed within the MC, with the sole exception of product design and development. The MC decided to exclude Sub-Clause 7.3 Design and development from the scope of its QMS since it performs no design activities. The MC does include a statement and justification in its quality manual that it is excluding the product design and development process and further indicates that a) its customer is Global TV headquarters who provide orders to the manufacturing plant, and b) Global TV headquarters is responsible for ensuring the Design Centre conforms to ISO 9001:2008.

Issue(s):
Can the MC exclude Sub-Clause 7.3 Design and development from its QMS and claim conformity with ISO 9001:2008?

Scenario 10.3 : Global TV

Situation:
Global TV Headquarters distributes its products through retail outlets to the end user customer. The organization has implemented ISO 9001:2008 at it headquarters and has requested that all its facilities implement a quality management system conforming to ISO 9001:2008. To date the only facility that has not implemented a quality management system is the Design Centre. In its quality management system manual Global TV headquarters states that all of its facilities conform to ISO 9001:2008 and the organization has not taken any exceptions.

Issue(s):
Can Global TV claim conformity with ISO 9001:2008?

10.4 Summary
Any complex organization (such as Global TV) has to be careful of its claim that its quality management system conforms to ISO 9001:2008. The organization has responsibility for all ISO 9001:2008 requirements that can affect the organizations ability to provide products that meet its customer and statutory and regulatory requirements. Therefore, in order to claim conformity to ISO 9001:2008 at the corporate level, it has to ensure that all its relevant facilities are conforming to ISO 9001:2008. The organizations individual facilities may exclude requirements within Clause 7 based on a justification making it clear that their customer is another division of the corporation, and not the end-user. The certificates of conformity referencing internal customers are of no direct value to the external customers of the organization.

Mandatory records required by ISO 9001:2008 standard

4.2.1 Records determined by the organization to be necessary to ensure effective planning, operation and control of processes 5.6.1 Records of management review 6.2.2 Records of education, training, skills, and experience 7.1 Records of evidence that realization processes and product meet requirements 7.2.2 Records of review of customer requirements and follow-up actions 7.3.2 Records of design and development input 7.3.4 Records of design and development review 7.3.5 Records of design verification actions 7.3.6 Records of design validation actions 7.3.7 Records of design changes and results 7.4.1 Records of the evaluation of suppliers 7.5.2 Records of special process validations 7.5.3 Records of the unique identification of product (traceability)
7.5.4 Records of lost, damaged or unsuitable customer property 7.6 Records of the basis of calibration used when no traceable standards exist 7.6 Records of the results of calibration 7.6 Records of assessment of product when calibration is out of tolerance 8.2.2 Records of internal audits 8.2.4 Records of person(s) authorizing release of product to the customer 8.3 Records of the nature of nonconformities and subsequent actions 8.5.2 Records of the results of corrective action taken 8.5.3 Records of the results of preventive action taken

PLUS

records the organization may choose to keep

e.g. delivery notes and copies of purchase orders are not mentioned in that list but most organizations would want to keep them.