ISO 9001: 2015 Design and Development Clause

Prepare for ISO 9001: 2015

Question

We are service providers in NDT and inspection field. I want to know how to implement the design and development clause from ISO 9001: 2015.

Answer

There are two ways to approach this:

One is to use the process developed in ISO 9001:2008, 7.1 where you probably have a “quality plan” for the execution of the service delivery (ISO 9001:2015, 8.1).

The second approach is to design the process itself (ISO 9001:2015, 8.3).  That involves these activities:

INPUT
• Development of a design plan
Who will do what when with what?
Necessary control points
• Identification of customer requirements as inputs, along with inputs from similar previous service offerings
• Identify any special service characteristics, such as safety issues, regulatory compliance
Consequences of failure
• Identify products/services to be purchased/outsourced
THROUGHPUT
• Documentation of these inputs
• Preparation of an output in a format appropriate to the organization
OUTPUT
• A comparison of the outputs with the input requirements and an approval, if required
Outputs should include process monitoring and measuring requirements
• Outputs can include verification, design review and validation*
• A mechanism to handle process design changes

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
http://www.globalcert-usa.com/
Dayton, OH

ISO 9001 Electronic Records

Reviewing confidential files, training records, human resources filesQ: I have a few questions about employee training records.  My company is certified to ISO 9001:2008 Quality management systems–Requirements, and we are considering transitioning to electronic records. However, we don’t know what the requirements are from an ISO perspective. Specifically, we want to know:

1. Do we need to retain hardcopy originals, or can we just keep the scanned electronic copies?

2. Does a record need to be in each individual’s file, or can there be a spreadsheet, cross reference-type matrix?

3. How long do they need to be retained?

4. Are there different requirements for environmental and safety type training records?

A: Thank you for contacting the ASQ Ask the Experts Program. Responses to your specific inquiries follow:

  1.  You may retain records in any format or media you desire.  You do not need both hardcopy and electronic.

2. You may use a spreadsheet matrix.

3. Retention times are your determination. Consult with the corporate attorney as to any requirements from the U.S. Equal Employment Opportunity Commission to protect yourself if there is a lawsuit (assuming your organization is located in the United States).

4. Check with the U.S. Occupational Safety and Health Administration (OSHA) and the U.S. Environmental Protection Agency (EPA) regarding requirements for these records.  These are outside the scope of ISO 9001.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

Related Content:

Browse the articles below, or find more open access articles and resources about documentation practices in ASQ Knowledge Center search results.

Geometrica Builds ISO 9001 QMS on Wiki, ASQ Knowledge Center

Geometrica, a manufacturer of domes and free-style structures, used a wiki to document its ISO 9001:2008 quality management system. The company attributes its fast track to certification—nine months from beginning to certification—to the ease and efficiency of wikis. Read the case study.

Consultants’ Style: Sometimes Less Is More, Quality Progress

Many small to medium sized organizations hire consultants to help them attain ISO 9001 and ISO 14001 registration. Consultants who base their advice on the organization’s existing practices and do less documentation are usually more effective. Ten companies share their experiences. Read the article.

Explore the ASQ Knowledge Center for more case studies, articles, benchmarking reports, and more.

Browse ASQ magazines and journals here.

ISO 9001 Statutory and Regulatory Requirements

About ASQ's Ask the Standards Expert program and blog

Q: I manage the quality management program at my company according to ISO 9001:2008 — Quality management systems –Requirements.  I was hoping to find some assistance in the area of statutory and regulatory requirements.  Can you provide me with some help in regards to what this means in terms of the standard?

A: Statutory and regulatory requirements are product related.  They may be federal, state or local.  They would depend upon your industrial classification.  Once you have that, you can cross check the classification with the Code of Federal Regulations (CFR).  Since the CFR are subject to change, someone in your organization should be charged with the responsibility for researching updates (there are organizations that provide this service). As far as international is concerned, the country of destination would need to be researched.  Often, a customs broker can be of assistance here.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner, Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

Related Content:

Imaging Core Lab Takes Quality Beyond Regulatory Requirements With ISO 9001, ASQ Knowledge Center case study, Open Access

Medical Metrics Inc. (MMI), had an existing quality management system structured to meet FDA regulations, but it was missing a framework to help drive organizationwide improvement. MMI worked with an external consultant to create an integrated management system—a fusion of regulatory requirements with the ISO 9001 framework—and received certification to the standard in less than seven months. Read More.

Sarbanes-Oxley And ISO 9000, Quality Progress, Open Access

Critics say ISO 9000 doesn’t compare favorably to quality programs such as the Baldrige criteria, lean and Six Sigma. But ISO 9001’s emphasis on documentation is a major asset from a legal perspective. Quality professionals can help companies comply with Sarbanes-Oxley while enhancing their organizational status. Read More.

ISO 9001 Second-Party Audits and Confidential Information

Reviewing confidential files, training records, human resources files

Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential.

Where is the limit for confidentiality and how I should deal with it? Actually, it seems like the contractor is using it as a trick.

A: What is not clear from your question is the contractual arrangements you have with your suppliers.  If the contract has a confidentiality clause and calls for second party audits, there is no excuse for withholding information.   ISO 9001:2008 — Quality management systems –Requirements does not address confidentiality.  That is best addressed in the specific arrangements between supplier and customer.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
www.globalcert-usa.com/
Dayton, OH

Related Content:

Read more open access content about auditing from ASQ:

Ask, and Ye Shall Receive , Quality Progress

Back to Basics: Best Practices in Auditing, Quality Progress

Free Chapter from The Process Auditing and Techniques Guide, Second Edition, ASQ Quality Press. Visit the ASQ store for more information about this book.

Explore more using ASQ Knowledge Center Search.