The revised standard focuses on customer requirements.
by Jeanne Ketola and Kathy Roberts
any of the clauses from ISO 9001:1994 are incorporated into ISO 9001:2000's section 7, Product realization. This section groups the requirements from the 1994 version's clauses 4.3,
4.4, 4.6, 4.7, 4.8, 4.9, 4.10, 4.11, 4.12, 4.15 and 4.19. This section also addresses process planning and customer communication and is the only
section of the standard that allows exclusions to the requirements. These exclusions must not affect the organization's ability to provide products that meet
the customer's requirements. Also note that although clause 4.13, Control of nonconforming product, is closely connected to product production, it is
represented under section 8, Measurement, analysis and improvement.
Exercise some care when reading section 7, as the vocabulary has been
modified even though the requirement's purpose remains the same. For further clarification on how the ISO 9001:1994 requirements cross-reference to those in ISO 9001:2000, refer to the matrix (Figure 1).
Voice of the customer
One of the criticisms of ISO 9001:1994 was that it focused on the organization rather than on the customer. The 1994 version's basic contract review
requirements remain the same in ISO 9001:2000, but the revised standard has new requirements that focus on "the voice of the customer." Following is a brief
description of the key changes affecting customers:
Certain customer requirements must be determined, such as specific product requirements, availability, delivery, support requirements, noncustomer-specific
product requirements, and regulatory and legal requirements. Many organizations may already have most of these in place, but the standard now
specifies the type of information that must be collected and documented. This may cause some organizations to formalize their approaches in order to show
evidence that customer requirements are taken into consideration.
Organizations must now identify and implement communication "arrangements" (methods) with their customers. Again, many organizations
probably do this currently but may not have formalized their processes. The information between the organization and its customers is related to products,
inquiries, contracts, order handling, changes, complaints and feedback.
The following are summaries of the other ISO 9001:1994 clauses that have
been incorporated into this section.
4.4 Design Control
ISO 9001:2000 addresses the main purpose of each of the subclauses of ISO
9001:1994's clause 4.4. Additional requirements have been added to further ensure that organizations clearly understand what their customers' requirements
are before they begin the design process. Organizations will be required to consider the effect of design changes on the constituent parts and delivered
products and document the changes and any associated actions.
The purpose of this clause has remained the same; however, the section
focused on control over suppliers has been modified. The terminology has been improved to eliminate confusion surrounding the terms "subcontractor" and
"supplier." Several of the items that were required "where applicable" on purchasing documents have been eliminated. Organizations will still need to
consider what criteria they use for supplier selection and how often their suppliers should be evaluated. Overall, the purchasing section is still designed to
ensure that purchased product conforms to specifications and that purchasing documents clearly describe what is being ordered.
4.7 Control of Customer-Supplied Product
There are no significant changes related to ISO 9001:1994's clause 4.7. The words "identify and protect" have been added to the requirements for
clarification. Organizations are still completely responsible when handling customer property. The term "property" has replaced "product."
4.8 Product Identification and Traceability 4.12 Inspection and Test Status
ISO 9001:1994's clauses 4.8 and 4.12 are combined under one section in the
revision so that organizations will use these requirements, as applicable, for their processes.
Although the inspection and test status requirements from ISO 9001:1994's
clause 4.12 are not explicitly stated in the revision, it's simply good business practice to know the inspection status of product throughout production,
service or installation to ensure that only conforming product is used, released or installed. In particular, these practices should clearly address conforming and
nonconforming product to prevent the shipment of nonconforming product.
4.9 Process Control
Organizations are still required to maintain operations in a controlled environment and provide work instructions for personnel where necessary.
There are several new requirements, however, that expand on some of the basic requirements in the 1994 version. Organizations must now consider how
they validate and revalidate special processes where the resulting output can't be verified by subsequent measuring.
4.10 Inspection and Testing
Quite a bit of the text from the 1994 version has been moved to ISO 9004:2000, the guideline document. However, the purpose of 4.10 remains in
ISO 9001:2000. The revision doesn't explicitly specify inspection and testing activities for incoming, in-process and final product, although they are implied.
Documented evidence that products and/or services conform to specifications still must exist, and evidence must show what acceptance criteria are used.
When addressing monitoring and verification requirements, it will be important to review all of the applicable sections of the revised standard to meet the
original intent behind the 1994 requirements.
4.11 Control of Inspection, Measuring and Test Equipment
One significant change in the revised standard is the term "where applicable" in relation to the ISO 9001:1994 version's a)–e) requirements for measuring and
monitoring devices. The revised standard does not make it clear whether organizations can determine which of the requirements apply to their devices.
The revised standard no longer specifies some of the specific requirements that some companies found helpful when setting up their systems, such as equipment
type, unique identification, location, and frequency and method of checks. Finally, two key requirements are no longer included in the standard: identifying
equipment with a suitable indicator to show the calibration status and ensuring that the environmental conditions for carrying out the calibrations, inspections and measurements are suitable.
4.15 Handling, Storage, Packaging, Preservation and Delivery
The requirements of ISO 9001:1994's clause 4.15 have been considerably
broadened. Most of the 1994 requirements for this clause have been carried over to ISO 9004:2000, so the user is advised to read the corresponding
section in ISO 9004:2000. Because the specific requirements have been reduced, it's unclear what auditors will be looking for with regard to documentation.
4.16 Quality Records
Most of the following records were included in clause 4.16 in the 1994 version; however, the requirement to record results and follow-up actions has
been added to many of them as follows:
Organizations must determine which records are kept to provide confidence that processes and resulting products conform during process planning.
Records for contract review must be more explicit. ISO 9001:2000
specifies that the results of the review and follow-up actions must be recorded.
Reviews at all suitable stages of design and/or development must be conducted. The results of the design and/or development reviews and
subsequent follow-up actions must be recorded.
The results of verification and validation and subsequent follow-up actions must be recorded.
The results of the review of design and/or development changes and of subsequent follow-up actions must be recorded.
The results of supplier evaluations and follow-up actions must be recorded.
Calibration results must be recorded.
ISO 9001:1994's clause 4.19's requirements for servicing (as it relates to
repairs, maintenance or other services specified in the original contract) that takes place after delivery are blended into section 7.5.1, Operations control.
The standard no longer specifically addresses the need for documented procedures when performing, verifying and reporting the servicing aspect.
Quality plans and planning
ISO 9001:1994 generated confusion about quality planning and quality plans.
The revised standard contains more specific guidelines for organizational planning (section 5) and more clearly describes product planning (section 7).
The definition of "quality plans" in a note under section 7.1, Planning of realization processes, should further help to define the difference between quality planning and plans.
Areas of concern
Section 7, Product realization, contains some changes that may confuse current
users. For instance, the 1994 requirements of 4.8, 4.10, 4.12, 4.15 and 4.19 have either been moved to ISO 9004:2000 or combined with other sections, or
their language has been modified in such a way that will require users to read carefully in order to determine the intent.
Another area of confusion may be the deletion of a couple of key requirements for control of inspection, measuring and test equipment, otherwise known as
calibration, which are stated previously in the summary for clause 4.11, Control of inspection, measuring and test equipment.
Finally, section 7 is not specific about which subsections require documented procedures. Section 7 states that "the organization must determine the need to
establish processes and documentation." This requirement is open to interpretation and may cause inconsistencies in terms of process or system
development. The statement may also cause inconsistencies during audits, as auditors will need to audit on a case-by-case basis in order to determine compliance.
What the registrars think
Fern Cowen, regional manager for the registrar AOQC Moody International,
explains what third-party auditors will need to know for auditing section 7 of ISO 9001:2000. "Generically speaking, it is recognized that ISO 9001:2000
represents a fundamental change of approach from the 1994 series (i.e., a process management approach)," says Cowen. "For the auditing process to be
effective, auditors will need to identify how the organization has identified and managed the numerous interlinked processes involved. With specific reference
to the subclauses within section 7, auditors will clearly need to be trained on factual interpretation of the requirements, especially the new requirements
contained within this section. This training should also include interpretation for different user groups."
Because most of the text of 4.10, 4.15 and 4.19 of the 1994 version has been moved to ISO 9004:2000, Cowen says, third-party auditors will need to
remember that product realization is the sequence of processes and subprocesses required to achieve the product or service. She explains that
planning of the realization processes must be consistent with the other requirements of the organization's quality management system and must be
documented in a format suitable to the organization's method of operation.
Cowen gives the following examples of evidence that a third-party auditor will
be looking for during an audit. With specific reference to the subclause 7.1, Planning of realization processes, the auditor should be looking for evidence that:
The organization has provided resources and facilities specific to the
product, including skilled personnel, equipment maintenance, identification of potential health and safety risks or environmental aspects, and available material, at all stages of the process.
Verification and validation activities and the criteria for acceptability have been determined and are acceptable to the customer. The auditor should be
specifically aware of process validation used where verification wasn't feasible.
Quality objectives for the product, project or contract have been identified, especially taking note that any ambiguous or conflicting requirements have been
resolved prior to commencing the process.
Records that can prove conformity exist and are in a medium suitable for the processes involved.
With specific reference to subclause 7.5.1, Operations control, the auditor should be looking for evidence of:
The availability of information that specifies the characteristics of the
product/service including any relevant or statutory requirements
Where necessary, the availability of work instructions
The availability and use of measuring and monitoring devices including the proper maintenance of such equipment
The implementation of monitoring activities as defined in quality planning
The implementation of defined processes for release, delivery and, where
applicable, post-delivery activities. This should include clearly defined requirements for delivery and installation and (if servicing is also a contractual
requirement) clearly defined activities and responsibilities for those servicing and maintaining the plant/equipment.
With specific reference to subclause 7.5.4, Preservation of product, the auditor should be looking for evidence that the organization has identified
measures for preserving product conformity with customer requirements during both internal processing and final delivery, especially where any damage or
deterioration may affect the quality of the finished product or its component parts.
As organizations prepare to implement ISO 9001:2000, they will need to
carefully review the differences between what they're currently doing and what the revised standard calls for. If an organization's system contains exclusions to
the requirements, the people responsible for ISO 9001 implementation should review their quality manual to ensure that these exclusions have been clearly
stated. Management will need a strong understanding of how the processes have been planned, implemented and documented in order to allow for better
audits and identification of improvement activities.
About the authors
Jeanne Ketola, CEO of Pathway Consulting Inc. in Minneapolis, Minnesota, is an ASQ Certified Quality Auditor, an RAB Quality Systems
Auditor and an active participant of the U.S. TAG to TC 176. E-mail her at firstname.lastname@example.org .
Kathy Roberts, President of Sunrise Consulting Inc. in Raleigh, North Carolina, is an ASQ Certified Quality Auditor, an active member of the
U.S. TAG to TC 176 and vice chair of the ANSI Z1 executive committee. E-mail her at email@example.com .
Ketola and Roberts are authors of the new book ISO 9001:2000 In a Nutshell: A Concise Guide to the Revisions (Paton Press, www.patonpress.com , firstname.lastname@example.org or 530-342-5480).