Issue 58 – Clause 8.5: Production and Service Provision
ISO 9001:2015…
Clause 8.5: Production and Service Provision
What’s the intent of Clause 8.5?… In our last Newsletter (ISO 9001:2015 Newsletter Issue 57) we discussed the topic of “acquiring goods and services”, and now here in Clause 8.5 we address the area of “providing products and services”. The intent of this Clause is to to take those goods and services we’ve acquired and transform them into the final products and services which the Customer has ordered.
Note A: This Clause DOES include requirements for “documented information”.
Note B: In case you were curious, the content for these Newsletters comes from working in the field with my Clients, and with their ISO Certification Bodies. I gain a lot of hands-on experience from conducting training workshops, gap audits and internal audits, where the requirements of the Standard have to be interpreted and applied to each unique situation. A popular training request is our on-site Internal Process Auditor Training for ISO 9001:2015 since you will need to do a complete round of internal audits to the new Standard prior to your external upgrade audit. On that note, some organizations are opting to use an outside resource to assist with their internal audits in order to meet deadlines (…more details on this service, as well as the training sessions we offer, can be found below).
The new numbering format…
Element 4 – Context of the organization
Element 5 – Leadership
Element 6 – Planning
Element 7 – Support
Element 8 – Operation
Element 9 – Performance evaluation
Element 10 – Improvement
Clause 8.5 Production and Service Provision consists of six (6) Sub-Clauses as listed below:
8.5.1 Control of production and service provision
8.5.2 Identification and traceability
8.5.3 Property belonging to customers or external providers
8.5.4 Preservation
8.5.5 Post-delivery activities
8.5.6 Control of changes
Sub-Clause 8.5.1 Control of production and service provision – I’ll start this off by saying that for many organizations, Sub-Clause 8.5.1 covers essentially the same territory as the old Clause with the same title found back in 2008. This sub-clause is asking organizations to implement a number of conditions in order to “control” the process used to produce a product or to supply a service.
Sub-clause 8.5.1 a) is asking you to provide “documented” (this is new) information that shows exactly what product is being produced or what service is being supplied, including the results expected (also new). Sub-clause 8.5.1 b) and c) are dealing with “monitoring and measurement” controls, whereas 8.5.1 d) retained the previously used term “equipment” but expanded it to include “infrastructure and environment”. Sub-clause 8.5.1 e) is new, in that it states “people” are an important part of controlling a process. Sub-clause 8.5.1 f) is the old “special processes Clause from the 2008 version, that most organizations took an “NA” on. Sub-clause 8.5.1 g) is brand new and deals with “mistake proofing” as a technique for process control, and finally 8.5.1 h) is an exact repeat requirement from 2008.
Sub-Clause 8.5.2 Identification and traceability – This sub-clause adds no new requirements for identifying and tracing products, with the exception of the “and services” statement. As I’ve said previously, look at those “services” you listed in your Scope statement and then decide how best to apply the requirements within this Clause.
Sub-Clause 8.5.3 Property belonging to Customers or external providers – This sub-clause has expanded its reach by now including property belonging to Vendors (external providers). In addition, you’ll need to pay attention also to the “and services” impact to see what might now covered by this sub-clause. Keep in mind that property can also be intangible such as “information” or “data”.
Sub-Clause 8.5.4 Preservation – This sub-clause adds no new requirements for preservation of products, with the exception of the “and service” statement. As I’ve said previously, look at those “services” you listed in your Scope statement and then decide how best to apply the requirements within this Clause.
Sub-Clause 8.5.5 Post-delivery activities – This sub-clause takes a previously stated requirement (8.5.1h) and adds more new requirements that were not found in the 2008 version. Specifically 8.5.5 b), c) and e) introduce new requirements intended to ensure that the Customer is made aware of important factors concerning your products and services AFTER they have been provided by your organization. There is a Note at the end of the Clause which states: Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
Sub-Clause 8.5.6 Control of changes – Although the requirements contained within this sub-clause were certainly implied in the old 2008 version, this sub-clause now makes it explicit. Your organization needs to control any changes made either to the production processes, or the service processes. Control means keeping records of what was changed, who authorized the changes, that the changes were reviewed and determining if any action plans are necessary as a result of the review.
Be sure to watch for our next Newsletter issue where we will cover another section of ISO 9001:2015…
PS: Don’t forget to look at the Q&A section below for some final thoughts…
To view all of our past Newsletters or to sign up to receive them… click here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Need Help?
ISO 9001:2015 Internal Audit Outsourcing (we can do it for you OR with you!)
For cost effectiveness, the Internal Audit function can be outsourced to an external experienced auditor on a periodic basis. This will provide an independent and objective assessment to management, of where process issues may exist, along with identifying opportunities for improvement. It will also provide the evidence needed to satisfy the Internal Audit requirements in the ISO Standards. We have used two different approaches with this service: a) We conduct the entire audit ourselves, or b) We act as the lead auditor, and along with your Team of internal auditors, we complete the entire audit together. This latter approach allows your people to receive guidance and direction from an experienced lead auditor while at the same time maintaining significant involvement in the internal audit process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Internal Process Auditor Training for ISO 9001:2015
The two (2) day Internal Process Auditing for ISO 9001:2015 Training Session is focused on a process approach to auditing with the objective being not only to assess conformance of the quality management system, but also to uncover process improvements during an audit. This goes hand in hand with the process auditing requirements found within ISO 19011 and the process approach covered in ISO 9001:2015, which promotes continual process improvement throughout this Standard. An enhanced checklist is developed, and there will be workshops throughout, to reinforce learning, as well as a live, practice audit. If you are looking to meet the ISO 9001:2015 internal audit requirements and to “raise the bar” for your internal audit program then this is the course you should consider.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q: How do you perform an audit for Clause 8.5 of ISO 9001:2015?
A: For Clause 8.5, an Audit Checklist should cover these areas:
– Has the organization implemented production and service provision under controlled conditions? Explain.
– Does the organization have documented information available on how the products/services/activities are to be carried out? The results to be achieved?
– Has the organization defined the availability and use of suitable monitoring and measuring resources? How?
– Has the organization implemented monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for services, have been met? How?
– Has the organization implemented the use of suitable infrastructure and environment for the operation of processes? How?
– Has the organization appointed competent persons, including any required qualifications, for those persons providing products and services? How?
– Has the organization carried out the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement? How?
– Has the organization implemented actions to prevent human error? Examples?
– Has the organization implemented release, delivery and post-delivery activities? Describe.
– Does the organization identify and trace its products and services? How?
– Does the organization identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision? How?
– Does the organization control the unique identification of the outputs when traceability is a requirement, and does it retain the documented information necessary to enable traceability? How?
– How does the organization exercise care with property belonging to Customers? Any intangible property?
– How does the organization exercise care with property belonging to external providers? Any intangible property?
– Does the organization identify, verify, protect and safeguard Customers’ or external providers’ property provided for use or incorporation into the products and services? How?
– Does the organization report property of a Customer or external provider that is lost, damaged or otherwise found to be unsuitable for use, to the Customer or external provider and retain documented information on what has occurred? How?
– Does the organization preserve products AND services being provided to Customers? How?
– Does the organization meet requirements for post-delivery activities associated with the products and services? How?
– In determining the extent of post-delivery activities that are required, does the organization consider statutory and regulatory requirements? How?
– In determining the extent of post-delivery activities that are required, does the organization consider the potential undesired consequences associated with its products and services? How?
– In determining the extent of post-delivery activities that are required, does the organization consider the nature, use and intended lifetime of its products and services? How?
– In determining the extent of post-delivery activities that are required, does the organization consider customer requirements? How?
– In determining the extent of post-delivery activities that are required, does the organization consider customer feedback? How?
– Does the organization review and control changes to the processes for production and service provision? How is this done? Who can authorize these changes? Any actions taken as a result of the review of these changes? Is documentation retained?
(Make sure to interview more than one person and obtain examples for the items listed above)
Until next time…
Tim Renaud
Helping Business Professionals Reduce Risk and Remove Waste!