Issue 56 – Clause 8.3: Design and development of products and services
Clause 8.3: Design and development of products and services
What’s the intent of Clause 8.3?… In our last Newsletter (ISO 9001:2015 Newsletter Issue 55) we discussed the topic of “product requirements and service requirements”, and now here in Clause 8.3 we address the area of “design and development”. The intent of this Clause is to build on “defining requirements” that was done in Clause 8.2 and now turn those requirements into a product designs and service delivery designs, based on what the Customer has ordered.
Note A: This Clause DOES include requirements for “documented information”.
Note B: In case you were curious, the content for these Newsletters comes from working in the field with my Clients, and with their ISO Certification Bodies. I gain a lot of hands-on experience from conducting training workshops, gap audits and internal audits, where the requirements of the Standard have to be interpreted and applied to each unique situation. A popular training request is our on-site Internal Process Auditor Training for ISO 9001:2015 since you will need to do a complete round of internal audits to the new Standard prior to your external upgrade audit. On that note, some organizations are opting to use an outside resource to assist with their internal audits in order to meet deadlines (…more details on this service, as well as the training sessions we offer, can be found below).
The new numbering format…
Element 4 – Context of the organization
Element 5 – Leadership
Element 6 – Planning
Element 7 – Support
Element 8 – Operation
Element 9 – Performance evaluation
Element 10 – Improvement
Clause 8.3 Design and development of products and services consists of six (6) Sub-Clauses as listed below:
8.3.2 Design and Development Planning
8.3.3 Design and Development Inputs
8.3.4 Design and Development Controls
8.3.5 Design and Development Outputs
8.3.6 Design and Development Changes
Sub-Clause 8.3.1 General – The new requirements within this sub-clause are the result of the use of the words “and services”. As I have mentioned in previous Newsletters, “services” were always included in the old 2008 version, as outlined up in Section 3.0 (Terms and definitions). In any event, this new revision makes sure we address “services” by inserting it throughout the whole document.
Let’s begin by discussing the fact that the majority of companies currently registered/certified to ISO 9001:2008 take a “Not Applicable” on Clause 7.3 (Design and Development), and that is because in most cases they have a pre-existing menu of product offerings that have already been “designed” for all Customers, which they simply produce based on demand. If however they bring on-board a completely new product and they begin doing “design” activities, then this Clause (8.3) would become applicable to them. Actually in many cases, companies simply acquire new products that have already been “designed” by another organization, and they begin to produce them… which means “design” still does not apply. In those instances, Clause 8.1 (Operational planning and control) would be the mechanism for ensuring the organization has “plans” and “controls” in place to provide these new products, to meet the stated requirements.
The exact same logic or approach holds true for any “services” offered by the organization to their Customers (as outlined in their Scope statement). If you have a pre-existing menu of services that have already been “designed” for all Customers, then how these services are “planned and controlled” would be addressed within Clause 8.1 (Operational planning and control).
So here are the critical questions you need to ask:
Does your company initiate product design activities specifically for any Customer Orders that are received? OR
Does your company initiate product design activities in order to offer any new products to your Customers?
If the answer to either question is “yes” then that was the primary reason Clause 8.3 was included in the ISO 9001:2015 Standard… and “yes”, product design is applicable to you, and all of the “shall” requirements within this Clause apply.
If the answer to both questions is “no”, then product design is not applicable to you.
Go through these same questions again but now change the word “product” into the word “service”… by doing so you will be able to determine if “design of services” is applicable to you or not.
Keep in mind that even if you decide that “design” is not applicable to you (for either products or services), you still need to implement controlled processes for consistently providing those products and services (listed within your Scope) to your Customers… and you need to do it to their satisfaction.
If “design” is applicable then sub-clause 8.3.1 is asking organizations to implement and control an overall process that will generate a “designed product” and/or a “designed service” that meet of all of the necessary requirements.
Sub-Clause 8.3.2 Design and Development Planning – What’s new in this sub-clause is first found in 8.3.2 a) where your organization is asked to consider the “nature, duration and complexity” of their designs when deciding design stages and design controls. 8.3.2 e) asks you to consider what “external” resources (in addition to internal) will be needed to perform the design activities. 8.3.2 g) wants you to consider involving Customers (and users) within the design process/stages. 8.3.2 i) is asking organizations to think about what level of control is “expected” by either Customers and/or other interested parties. Finally, 8.3.2 j) is asking you to decide what documented information will demonstrate that design requirements have been met. This by the way, could be a simple “Design Checksheet” which flows alongside the stages of design and confirms all the necessary activities were completed.
Sub-Clause 8.3.3 Design and Development Inputs – The biggest change is found in 8.3.3 e) which asks organizations to consider the “potential consequences of failure” from their designs. A good tool that can be used here would be a FMEA (failure mode and effects analysis).
Sub-Clause 8.3.4 Design and Development Controls – This sub-clause combines a number of the design sections from the old 2008 version, namely design review, design verification and design validation. Essentially all of the requirements here are similar to 2008.
Sub-Clause 8.3.5 Design and Development Outputs – This sub-clause carries over all of the previous 2008 requirements with additions in 8.3.5 c) asking you to identify what the monitoring and measuring requirements are during subsequent processing, and 8.3.5 d) which requires you to specify what characteristics are essential for the intended purpose of the final design.
Sub-Clause 8.3.6 Design and Development Changes – This sub-clause is similar to the previous 2008 requirements with new requirements found in 8.3.6 c) asking you to document who authorized the design changes and 8.3.6 d) which requires you to document actions you take to prevent adverse impacts from your “changed” design.
Be sure to watch for our next Newsletter issue where we will cover another section of ISO 9001:2015…
PS: Don’t forget to look at the Q&A section below for some final thoughts…
To view all of our past Newsletters or to sign up to receive them… click here
For cost effectiveness, the Internal Audit function can be outsourced to an external experienced auditor on a periodic basis. This will provide an independent and objective assessment to management, of where process issues may exist, along with identifying opportunities for improvement. It will also provide the evidence needed to satisfy the Internal Audit requirements in the ISO Standards. We have used two different approaches with this service: a) We conduct the entire audit ourselves, or b) We act as the lead auditor, and along with your Team of internal auditors, we complete the entire audit together. This latter approach allows your people to receive guidance and direction from an experienced lead auditor while at the same time maintaining significant involvement in the internal audit process.
This Documentation Development Training Workshop for ISO 9001:2015 Session is intended to be a very interactive, hands-on session (hence the name Workshop) where your QMS documentation will be created/revised, with guidance from an experienced facilitator. This type of session can help launch your transition efforts by getting a lot accomplished within a compressed time-frame. If your organization has already begun the re-write then this session can be used to validate what you’ve accomplished so far, or if you haven’t yet begun, it can be the catalyst to get things started (…which is usually the hardest part). Deciding how to move from your current QMS structure into a new one can be a daunting task and this session can help you navigate through it. A copy of a sample Quality Manual (re-iterating the “shall” requirements found within the ISO 9001:2015 Standard) will be provided to each participant. As always, our focus will be on how to develop a simplified and streamlined quality management system, that helps to drive improvement in your business.
The two (2) day Internal Process Auditing for ISO 9001:2015 Training Session is focused on a process approach to auditing with the objective being not only to assess conformance of the quality management system, but also to uncover process improvements during an audit. This goes hand in hand with the process auditing requirements found within ISO 19011 and the process approach covered in ISO 9001:2015, which promotes continual process improvement throughout this Standard. An enhanced checklist is developed, and there will be workshops throughout, to reinforce learning, as well as a live, practice audit. If you are looking to meet the ISO 9001:2015 internal audit requirements and to “raise the bar” for your internal audit program then this is the course you should consider.
This combines the ISO 9001:2015 Essentials Session with a Gap Audit – This approach is used to assist organizations in launching their transition efforts for this new ISO Standard. This event accomplishes two things: a) it provides education on the new ISO 9001:2015 Standard for your key personnel (i.e. internal auditors; etc.), by highlighting the differences from the 2008 version; and b) assesses the gap from where you are today to where you need to be to achieve compliance to this new ISO Standard. Training certificates covering education on the new ISO 9001:2015 Standard, as well as issuing of a Gap Audit Report for distribution to your Top Management, are the two deliverables from this event. On a final note, a closing meeting can be arranged with key individuals so they can hear first hand the results of the Gap Audit that was performed. PS: We’ve also done this session with just the QMS Management Rep attending, which allowed them to quickly get up to speed on this new Standard, as well as to see how much of an effort the transition will be… and of course they receive their own Training Certificate as part of this event. This also allowed them to avoid traveling offsite to get the training they needed anyways, as evidence for their Certification Bodies.
Q: How do you perform an audit for Clause 8.3 of ISO 9001:2015?
A: For Clause 8.3, an Audit Checklist should cover these areas:
– Is Clause 8.3 applicable to the organization? If not, what is the justification for exclusion for the products listed in the Scope? For the services listed in the Scope?
– What initiates “design” activities within the organization?
– Does design planning consider the nature, duration and complexity of the design activities? How?
– Does design planning consider the required process stages, including applicable design and development reviews? How?
– Does design planning consider the required design and development verification and validation activities? How?
– Does design planning consider the responsibilities and authorities involved in the design and development process? How?
– Does design planning consider the internal and external resource needs for the design and development of products and services? How?
– Does design planning consider the need to control interfaces between persons involved in the design and development process? How?
– Does design planning consider the need to involve Customers and Users as part of the design activities? How?
– Does design planning consider the requirements for subsequent provision of products and services? How?
– Does design planning consider the level of control expected by Customers and other interested parties within the design activities? How?
– Does design planning consider the documented information needed to demonstrate that design and development requirements have been met? How?
– Has the organization determined the requirements essential for the specific types of products and services to be designed and developed? How?
– Does the organization consider, as part of the design inputs, the functional and performance requirements? How?
– Does the organization consider, as part of the design inputs, the information derived from previous similar design and development activities? How?
– Does the organization consider, as part of the design inputs, the statutory and regulatory requirements? How?
– Does the organization consider, as part of the design inputs, the standards or codes of practice that the organization has committed to implement? How?
– Does the organization consider, as part of the design inputs, the potential consequences of failure due to the nature of the products and services? How?
– Has the organization that inputs shall be adequate for design and development purposes, complete and unambiguous? How?
– Does the organization resolve conflicting design and development inputs? How?
– Does the organization retain documented information on design and development inputs? Where?
– Has the organization applied controls to the design and development process to ensure that the results to be achieved are defined? How?
– Has the organization applied controls to the design and development process to ensure that the reviews are conducted to evaluate the ability of the results of design and development to meet requirements? How?
– Has the organization applied controls to the design and development process to ensure that the verification activities are conducted to ensure that the design and development outputs meet the input requirements? How?
– Has the organization applied controls to the design and development process to ensure that the validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use? How?
– Has the organization applied controls to the design and development process to ensure that any necessary actions are taken on problems determined during the reviews, or verification and validation activities? How?
– Has the organization applied controls to the design and development process to ensure that documented information of these activities is retained? How?
– Has the organization ensured that the design and development outputs meet the input requirements? How?
– Has the organization ensured that the design and development outputs are adequate for the subsequent processes for the provision of products and services? How?
– Has the organization ensured that the design and development outputs include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria? How?
– Has the organization ensured that the design and development outputs specify the characteristics of the products and services that are essential for their intended purpose
and their safe and proper provision? How?
– Does the organization retain documented information on design and development outputs? Where?
– Does the organization identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements? How?
– Does the organization retain documented information on design and development changes? Where?
– Does the organization retain documented information on the results of reviews? Where?
– Does the organization retain documented information on who authorized the design changes? Where?
– Does the organization retain documented information on the actions taken to prevent adverse impacts from the design changes? Where?
(Make sure to interview more than one person and obtain examples for the items listed above)
Until next time…
Helping Business Professionals Reduce Risk and Remove Waste!