Below is a summary of the changes made to the ISO 9001 standard in the 2008 revision. While no requirements have changed and no new requirements have been added, there are some valuable clarifications that may change the approach that an organization would take in order to gain the maximum value from their system.
There are several changes which emphasize analysis and measurement.
There are several changes that emphasize the need for effectiveness.
There are also changes that provide some protection from poorly trained and anal auditors through additional focus and clarification.
In this document I have tried to provide not only the changes, but in some cases, how the changes may benefit or influence your organization.
For each change I have shown the original ISO 9001 2000 text followed by the new text. Where new wording is used, the new wording is highlighted in ‘Bold Italics’.
Changes
1. Clause 4.1
a. ISO 9001 2000 – ‘The organization shall….. (a) identify the processes needed for the quality management system and their application throughout the organization (see 1.2)
b. ISO 9001 2008 – ‘The organization shall….. (a) determine the processes needed for the quality management system and their application throughout the organization (see 1.2)
The change encourages organizations to evaluate their current process structure and determine whether the current structure is appropriate to their goals and objectives rather than simply documenting and implementing the processes currently in place. This approach is consistent with Dr. Deming’s position that the role of Senior Management is to ‘Design the Ship’. It is Sr. Management’s role to determine the Goals and the Objectives of their organization, and to determine in what (business) environment the organization must work; and then design the organization (structure the processes) in such a way as to allow the organization to perform at peak levels.
2. Clause 4.1
a. ISO 9001 2000 – ‘Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such processes shall be identified within the quality management system.’
b. ISO 9001 2008 – ‘Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.’
Simple clarification of what is to be included in the QMS.
3. Clause 4.1
a. ISO 9001 2000 – ‘NOTE Processes needed for the quality management system referred to above should include processes for management activities, provision of resources, product realization and measurement.
b. ISO 9001 2008 – ‘NOTE 1 Processes needed for the quality management system referred to above should include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.
NOTE 2
An ‘outsourced process’ is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party
NOTE 3
Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as
a. The potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,
b. The degree to which the control for the process is shared,
c. The capability of achieving the necessary control through the application of 7.4 (Purchasing)
Addition of ‘analysis and improvement’ to note 1 reinforces the ISO Principle of information based decision making, plus two additional notes intended to better define the outsourcing process.
Note 2 more specifically defines what an outsourced process is. “A process needed by the organization’s quality management system.” (i.e. not outsourced landscaping).
The first part of Note 3 is an import from the TS 16949 specification and reinforces the need for effective controls of outsourced processes while the influencing factors help quantify where controls are required and how stringent they need to be. There is also an opportunity to identify outsourced processes where the normal or an enhancement of the purchasing process would provide sufficient control.
3. Clause 4.2.1 (e)
a. ISO 9001 2000 – The quality management system documentation shall include: (e) records required by this international standard
b. ISO 9001 2008 - The quality management system documentation shall include: (d) documents, including records
Item (e) included in item (d)
4. Clause 4.2.1
a. ISO 9001 2000 – ‘Where the term “documented procedure” appears within this international standard, this means that the procedure is established, documented, implemented and maintained.’
b. ISO 9001 2008 – ‘Where the term “documented procedure” appears within this international standard, this means that the procedure is established, documented, implemented and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.’
Changes allow, for instance, ‘Control of Documents’ and ‘Control of Records’ to be covered in one documented procedure. This note clarifies the fact that one document could cover both. Or, alternatively, one requirement for a procedure could be covered through components of two or more procedures. These alternatives would seem to be common sense, but apparently, where auditors are concerned, common sense isn’t always so common.
5. Clause 4.2.3 (f)
a. ISO 9001 2000 – ‘to ensure that documents of external origin are identified and their distribution controlled, and ….’
b. ISO 9001 2008 – ‘to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and ….’
This change allows for the elimination of a lot of time, effort and cost spent in controlling every external document in the building. This is also a clarification to protect your organization from anal auditors. However, it adds a requirement for the organization to analyse their external documents and determine what external documents they receive, which are important, which need to be controlled and to what extent they need to be controlled.
6. Clause 4.2.4
a. ISO 9001 2000 – ‘Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
b. ISO 9001 2008 – ‘Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.’
‘The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval and disposition of records.’
‘Records shall remain legible, readily identifiable and retrievable.’
Clause has been rewritten and reorganized into three paragraphs to provide additional clarity. Retrieval is stressed as it is identified in two of the three paragraphs.
7. Clause 5.5.2
a. ISO 9001 2000 – ‘Top management shall appoint a member of management who, irrespective of other responsibilities, shall have responsibility and authority that includes …’
b. ISO 9001 2008 – ‘Top management shall appoint a member of the organization’s management who, irrespective of other responsibilities, shall have responsibility and authority that includes …’
In order to prevent organizations from interpreting ‘a member of management’ as any salary-paid employee, this change has specified a member of the organization’s management. In other words, the management representative must be a person with ‘Manager of’ or higher in their title.
8. Clause 6.2.1
a. ISO 9001 2000 – ‘Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills and experience.’
b. ISO 9001 2008 – ‘Personnel performing work affecting conformity to product requirements shall be competent on the basis of appropriate education, training, skills and experience.’
Change moves the focus for competence toward those directly involved with product as compared to a more general interpretation that this requirement applies to everyone from the C.E.O. down.
9. Clause 6.2.1
a. ISO 9001 2000 – ‘No Note’
b. ISO 9001 2008 – ‘NOTE Conformity to product requirements can be affected directly or indirectly by personnel performing any task within the quality management system.’
Change moves the focus for competence toward those directly involved with product as compared to a more general interpretation that this requirement applies to everyone from the C.E.O. down.
10. Clause 6.2.2 a, b
a. ISO 9001 2000 – ‘The organization shall
a) determine the necessary competence for personnel performing work affecting product quality,
b) provide training or take other actions to satisfy these needs,
b. ISO 9001 2008 – ‘The organization shall
a) determine the necessary competence for personnel performing work affecting conformity to product requirements.
b) where applicable, provide training or take other action to achieve the necessary competence.’
More specific focus on training related to product conformance rather than the much broader interpretation in the 2000 version which could be used to apply to all activities that may affect quality in general. Training may not be applicable.
11. Clause 6.3 (c)
a. ISO 9001 2000 – ‘Supporting services (such as transport and communications).’
b. ISO 9001 2008 – ‘Supporting services (such as transport, communications and information systems).’
Change adds ‘information systems’ which is an area that is obviously becoming more important to organizations every day.
12. Clause 6.4
a. ISO 9001 2000 – ‘The organization shall determine and manage the work environment needed to achieve conformity to product requirements.’
b. ISO 9001 2008 – Added ‘Note: The term “Work Environment” relates to those conditions under which work is performed including physical, environmental and other factors (such as noise, temperature, humidity, lighting or weather)’
There was confusion in some people’s mind that work environment was related to the ISO 14000 standard which covers the global environmental conditions. The added note clarifies and better defines the application of the requirement.
13. Clause 7.2.1 (c)
a. ISO 9001 2000 – ‘statutory and regulatory requirements related to the product, and’
b. ISO 9001 2008 – ‘statutory and regulatory requirements applicable to the product, and’
New ‘Note: Post-delivery activities include, for example, actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.’
Notes 2 and 3 deleted.
Added clarity in the requirement i.e. ‘applicable to the product’ rather than ‘related to the product’. The NEW note provides clarification of the definition of post-delivery activities
14. Clause 7.3.1
a. ISO 9001 2000 – ‘The organization shall plan the design and development of product.’
b. ISO 9001 2008 – Added ‘Note: Design and development review, verification and validation have distinct purposes. They can be conducted and recorded separately or in any combination, as suitable for the product and the organization.’
Note added for clarification
15. Clause 7.3.3 (b)
a. ISO 9001 2000 – ‘The outputs of design and development shall be provided in a form that enables verification against the design and development input and shall be approved prior to release.’
b. ISO 9001 2008 – ‘The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release
Added ‘Note: Information for product and service provision can include details for the preservation of product.’
Text change for clarification plus an added note for clarification
16. Clause 7.5.1
a. ISO 9001 2000 – ‘The organization shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement. This includes any processes where deficiencies become apparent only after the product is in use or the service has been delivered.’
b. ISO 9001 2008 – ‘The organization shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement and as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered.’
Change provides clarification that there are two conditions: 1. that output cannot be verified through monitoring (inspecting), and 2. that deficiencies can become apparent subsequent to product being put to use.
17. Clause 7.5.3
a. ISO 9001 2000 – ‘The organization shall identify the product status with respect to monitoring and measurement requirements.
Where traceability is a requirement, the organization shall control and record the unique identification of the product (see 4.2.4)’
b. ISO 9001 2008 – ‘The organization shall identify the product status with respect to monitoring and measurement requirements throughout product realization.’
Where traceability is a requirement, the organization shall control and record the unique identification of the product and maintain records. (see 4.2.4)’
Change adds a requirement for records.
18. Clause 7.5.4
a. ISO 9001 2000 – ‘The organization shall exercise care with customer property while it is under the organization’s control or being used by the organization. The organization shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained (see 4.2.4).’
b. ISO 9001 2008 – ‘The organization shall exercise care with customer property while it is under the organization’s control or being used by the organization. The organization shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer and maintain records (see 4.2.4).’
Clarification
19. Clause 7.5.4
a. ISO 9001 2000 – ‘NOTE Customer property can include intellectual property.
b. ISO 9001 2008 – ‘NOTE Customer property can include intellectual property and personal data.
Added clarification – ‘personal data’ This is important when considering customer property as it applies to banks, credit card companies, medical centers etc.
20. Clause 7.5.5
a. ISO 9001 2000 – ‘The organization shall preserve the product during internal processing and delivery to the intended destination. This preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.
b. ISO 9001 2008 – ‘The organization shall preserve the conformity of product during internal processing and delivery to the intended destination in order to maintain conformity to requirements. As applicable, preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.
Preservation is confined to conformity to requirements and ‘as applicable’
21. Clause 7.6
a. ISO 9001 2000 – ‘When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application shall be confirmed. This shall be undertaken prior to initial use and re-confirmed as necessary. Note: See ISO 10012-1 and ISO 10012-2 for guidance.’
b. ISO 9001 2008 – Added ‘Note: Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.
Original guidance note has been removed (standards referred to have been replaced – Now ISO 10012:2003) and an additional note added for clarification.
22. Clause 8.2.1
a. ISO 9001 2000 – ‘As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements.’
b. ISO 9001 2008 – Added ‘Note: Monitoring customer perception can include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims and dealer reports.
Note provides examples of alternative processes for determining customer perception.
23. Clause 8.2.2
a. ISO 9001 2000 – ‘The responsibility and requirements for planning and conducting audits and for reporting results and maintaining records shall be defined in a documented procedure.
b. ISO 9001 2008 – ‘A documented procedure shall be established to define the responsibility and requirements for planning and conducting audits, establishing records and reporting results. Records of audits and their results shall be maintained.’
Documented procedure paragraph has been restructured to make the requirement for a documented procedure more prominent. Requirement for process steps for establishing records has been added. Requirement for maintenance of records has been added.
24. Clause 8.2.3
a. ISO 9001 2000 – ‘The organization shall apply suitable methods and, where applicable, measurements of quality management system processes. …. When planned results are not achieved, correction and corrective action shall be taken, as appropriate, to ensure conformity of the product.’
b. ISO 9001 2008 – ‘The organization shall apply suitable methods and, where applicable, measurements of quality management system processes. …. When planned results are not achieved, correction and corrective action shall be taken, as appropriate. to ensure conformity of the product.’
Added ‘Note: When determining suitable methods, it is advisable that the organization consider the type and extent of monitoring or measurement appropriate to each of its processes in relation to their impact on the conformity to product requirements and on the effectiveness of the quality management system.’
Specific words related to product conformity have been removed and a note added to include measurements that encompass both product and process.
25. Clause 8.2.4
a. ISO 9001 2000 – ‘The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements (see 7.1).
Evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing release of product (see 4.2.4).
Product release and service delivery shall not proceed until the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer.
b. ISO 9001 2008 – ‘The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements (see 7.1). Evidence of conformity with the accepted criteria shall be maintained.’
Records shall indicate the person(s) authorizing release of the product for delivery to the customer (see 4.2.4)
‘The release of product and delivery of service to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer.’
Wording clarification.
26. Clause 8.3
a. ISO 9001 2000 – ‘The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure.
The organization shall deal with nonconforming product by one or more of the following ways:
a) by taking action to eliminate the detected nonconformity;
b) by authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer;
c) by taking action to preclude its original intended use or application.
Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained (see 4.2.4).
When nonconforming product is corrected it shall be subject to re-verification to demonstrate conformity to the requirements.
When nonconforming product is detected after delivery or use has started, the organization shall take action appropriate to the effects, or potential effects, of the nonconformity.’
b. ISO 9001 2008 – ‘The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. A documented procedure shall be established to define the controls and related responsibilities and authorities for dealing with nonconforming product.
Where applicable the organization shall deal with nonconforming product by one or more of the following ways:
a) by taking action to eliminate the detected nonconformity;
b) by authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer;
c) by taking action to preclude its original intended use or application.
d) by taking action appropriate to the effects, or potential effects of the nonconformity when nonconforming product is detected after delivery to the customer.
When nonconforming product is corrected it shall be subject to re-verification to demonstrate conformity to the requirements.
Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained (see 4.2.4).
The same requirements – text is revised in order only
27. Clause 8.4 b)
a. ISO 9001 2000 – ‘conformity to product requirements (see 7.2.1),
b. ISO 9001 2008 – ‘conformity to product requirements (see 8.2.4),
Changed reference from 7.2.1 to 8.2.4
28. Clause 8.5.2 f)
a. ISO 9001 2000 – ‘f) reviewing corrective action taken.
b. ISO 9001 2008 – ‘f) reviewing the effectiveness of corrective action taken.
This change provides a stated emphasis on the effectiveness of corrective action. Lack of effective corrective action has often been a criticism of ISO quality management systems.
29. Clause 8.5.3e)
a. ISO 9001 2000 – ‘e) reviewing preventive action taken.
b. ISO 9001 2008 – ‘e) reviewing the effectiveness of preventive action taken.
This change provides a stated emphasis on the effectiveness of preventive action. As above, a lack of effective preventive action has often been a criticism of ISO quality management systems.
Every effort has been made to provide a complete summary of the changes to the ISO 9001 2008 standard, but if any were missed I apologize. The comments made as explanation are my own and do not represent any formal interpretation of any registration or governing body. I do hope that this information is valuable to you.
