Operation moves into to the ‘doing’ part of the Plan-Do-Check-Act (PDCA) cycle. This clause implements your organisation’s quality management system processes to meet the requirements for the delivery of your products and services and therefore, all interested parties.
Operation planning and control Requires your organisation to establish criteria for planning, implementing and controlling processes identiﬁed in ‘Context of organization’ in order to meet the requirements of all interested parties.
You must determine the process for the delivery of your products and services and implement the actions determined as a result of your risk assessment.
Requirements for products and services
Your organisation must put processes in place to enable communication with customers on matters relating to your products or services. Ensure you have implemented processes to make sure all requirements are known for your products or services, statutory and regulatory and customer requirements.
Make sure your organisation reviews these requirements on a regular basis to ensure you are still meeting the current requirements of all interested parties.
Design and development of products and services
This clause on design and development of products and services has substantially changed and simpliﬁed to allow for a more process orientated approach. There is more of a requirement to involve the customers or users as part of design planning to be considered.
Internal and external resource needs, potential consequences of failure and the level of control expected by customers should be considered as part of your organisations design and development inputs.
You organisation should apply design and development controls that combines the review, veriﬁcation and validation of all requirements.
Make sure your organisation’s outputs from the design and development process meet input requirements and that change to the design and development input or output is controlled.
Control of externally provided processes, products and services The terms which were previously referred to as purchasing and ‘outsourcing’ in the 2008 standard is now ‘Control of externally provided processes, products and services’ and requires your organisation to ensure that they meet speciﬁed requirements.
Your organisation needs to stipulate the type and extent of controls or requirements it wishes to apply to the external provider or supplier. The information your organisation needs to provide for external providers is now more detailed and explicit.
Production and service provision
This clause speciﬁcally considers the monitoring and measurement activities that will ensure the control of your organisation’s processes and outputs or your products and services.
Your organisation must be able to identify and trace you output (product or service) and if necessary, take care of property belonging to customers or external providers to ensure you preserve your organisation’s output.
Post-delivery activity is a new clause and requires your organisation to decide on the extent of the post-delivery activities made to your products or services. It also considers risks associated and determines the nature, use and intended lifetime of your products and services.
It also reviews the potential consequences of changes to control the changes made to the provision of your output.
Release of products and services
The release of products and services to your customers is now part of the operational requirements and your organisation must implement planned activities to verify that the product and service requirements have been met.
Your organisation needs to ensure delivery to the customer shall not proceed until the planned arrangements verify product or service conformity, unless otherwise authorised by a relevant authority. Ensure your documented information provides traceability of the person authorising the release of the products or services to the customer.
Key change from ISO 9001:2008
Whilst the operation clause is the shortest, it covers most of the quality management systems processes, from enquiry to delivery and post-delivery activities including suppliers and outsourced services.
There is more emphasis on the control of outsourced processes to ensure that the same level of monitoring and management is applied to those carried out in-house.
This section of the standard emphasises the process based approach which should be taken in planning, implementing and measuring the quality management system processes to meet the objectives of your organisation and your interested parties.
The focus should be on ensuring that the desired outcomes of the processes are achieved and not just procedures being followed. The procedures and processes should ultimately be designed to achieve the intended outcomes.