Clause-by-clause explanation of

ISO 9001:2008

WHITE PAPER
October 29, 2014

Copyright 2014 9001Academy. All rights reserved.

Table of contents
0. INTRODUCTION .................................................................................................. 4
1. PROCESS AND PROCESS APPROACH................................................................... 4
1.1.
1.2.

TERMS AND DEFINITIONS .............................................................................................................................. 4

PROCESS APPROACH IMPACT ......................................................................................................................... 5

2. PROCESS PLANNING .......................................................................................... 6

2.1.
2.2.

PROCESS ESTABLISHMENT ............................................................................................................................. 6

PROCESS ANALYSIS ...................................................................................................................................... 7

3. CUSTOMER-FOCUSED ORGANIZATION ................................................................. 7

4. QUALITY MANAGEMENT SYSTEM ......................................................................... 7
4.1.
GENERAL ................................................................................................................................................... 7
4.2.
DOCUMENT REQUIREMENTS .......................................................................................................................... 9
4.2.1.
General .......................................................................................................................................... 9
4.2.2.
Quality Manual .............................................................................................................................. 9
4.2.3.
Control of documents .................................................................................................................... 9
4.2.4.
Control of records .......................................................................................................................... 9

5. MANAGEMENT RESPONSIBILITY .......................................................................... 9

5.1.
MANAGEMENT COMMITMENT ....................................................................................................................... 9
5.2.
CUSTOMER FOCUS ..................................................................................................................................... 10
5.3.
QUALITY POLICY ........................................................................................................................................ 10
5.4.
PLANNING ............................................................................................................................................... 10
5.4.1.
Quality objectives ........................................................................................................................ 10
5.4.2.
Quality management system planning ........................................................................................ 10
5.5.
RESPONSIBILITY, AUTHORITY AND COMMUNICATION ........................................................................................ 10
5.5.1.
Responsibility and authority ........................................................................................................ 10
5.5.2.
Management representative ....................................................................................................... 10
5.5.3.
Internal communication .............................................................................................................. 11
5.6.
MANAGEMENT REVIEW .............................................................................................................................. 11
5.6.1.
General ........................................................................................................................................ 11
5.6.2.
Review input ................................................................................................................................ 11
5.6.3.
Review output .............................................................................................................................. 12

6. RESOURCE MANAGEMENT ................................................................................ 12

6.1.
PROVISION OF RESOURCES .......................................................................................................................... 12
6.2.
HUMAN RESOURCES .................................................................................................................................. 12
6.2.1.
General ........................................................................................................................................ 12
6.2.2.
Competence, training and awareness ......................................................................................... 12
6.3.
INFRASTRUCTURE ...................................................................................................................................... 13
6.4.
WORK ENVIRONMENT ................................................................................................................................ 13

Copyright 2014 9001Academy. All rights reserved.

7. PRODUCT REALIZATION .................................................................................... 13

7.1.
PLANNING OF PRODUCT REALIZATION ............................................................................................................ 13
7.2.
CUSTOMER-RELATED PROCESSES .................................................................................................................. 13
7.2.1.
Determination of requirements related to the product ............................................................... 13
7.2.2.
Review of requirements related to the product ........................................................................... 14
7.2.3.
Customer communication............................................................................................................ 14
7.3.
DESIGN AND DEVELOPMENT ........................................................................................................................ 14
7.3.1.
Design and development planning .............................................................................................. 14
7.3.2.
Design and development inputs .................................................................................................. 14
7.3.3.
Design and development outputs ................................................................................................ 14
7.3.4.
Design and development review ................................................................................................. 15
7.3.5.
Design and development verification .......................................................................................... 15
7.3.6.
Design and development validation ............................................................................................ 15
7.3.7.
Control of design and development changes .............................................................................. 15
7.4.
PURCHASING ............................................................................................................................................ 15
7.4.1.
Purchasing process ...................................................................................................................... 15
7.4.2.
Purchasing information ............................................................................................................... 15
7.4.3.
Verification of purchased product ............................................................................................... 15
7.5.
PRODUCTION AND SERVICE PROVISION .......................................................................................................... 16
7.5.1.
Control of production and service provision ................................................................................ 16
7.5.2.
Validation of process for production and service provision ......................................................... 16
7.5.3.
Identification and traceability ..................................................................................................... 16
7.5.4.
Customer property ....................................................................................................................... 16
7.5.5.
Preservation of product ............................................................................................................... 17
7.6.
CONTROL OF MONITORING AND MEASURING EQUIPMENT.................................................................................. 17

8. MEASUREMENT, ANALYSIS AND IMPROVEMENT ................................................. 17

8.1.
GENERAL ................................................................................................................................................. 17
8.2.
MONITORING AND MEASUREMENT ............................................................................................................... 17
8.2.1.
Customer satisfaction .................................................................................................................. 17
8.2.2.
Internal audit ............................................................................................................................... 17
8.2.3.
Monitoring and measurement of processes ................................................................................ 18
8.2.4.
Monitoring and measurement of product ................................................................................... 18
8.3.
CONTROL OF NONCONFORMING PRODUCT ..................................................................................................... 18
8.4.
ANALYSIS OF DATA..................................................................................................................................... 19
8.5.
IMPROVEMENT ......................................................................................................................................... 19
8.5.1.
Continual improvement ............................................................................................................... 19
8.5.2.
Corrective actions ........................................................................................................................ 19
8.5.3.
Preventive actions ....................................................................................................................... 20

Copyright 2014 9001Academy. All rights reserved.

0. Introduction
Management systems are often seen as difficult administrative burdens that have marginal contribution to
business. Many organizations with integrated management systems havent effectively defined processes and
havent taken necessary actions. This could be because they think that ISO 9001 separates them from the way
they do their business, and limits their management system to simple checklists and work instructions. By
sticking to these beliefs, organizations are missing significant opportunities to improve their business.
This handbook is meant for management representatives in organizations that decided to implement ISO
900. For easier understanding of standards requirements and how to implement them, the main chapters
(from 4 to 8) are ordered the same way as in the standard.

1. Process and process approach

1.1.

Terms and definitions

Process is usually defined as a group of repeatable, interactive activities that consume resources and are
managed in such a way as to allow transformation of input into output elements.
Process approach adding business value and minimizing risk, is an application of the process system
within an organization, together with identification and interaction of processes and process management in
order to achieve desired results.
When activities and related resources are managed as a process, then the process approach is an overview of
sequences and interactions of processes, their inputs and outputs. It refers to the management system not
only as a document, but as an active process system that refers to business risks and customer requirements.
A process-based audit will bring questions such as: Who is the process owner? and What are your
customer requirements? rather than Show me your procedures.
Input is something that starts a process, like employees, resources, and machines. There are usually
multiple inputs to a process.
Output is the result of a process; it can be desired (product and/or service) or undesired (pollution, noise,
gas emissions, etc.). The output of one process can be an input into the next one.

Copyright 2014 9001Academy. All rights reserved.

1.2.

Process approach impact

Besides using a process approach, every organization that wants to certify its management system must
comply with the requirements of the standard, but the standard alone doesnt add value to an organization,
or benefits to upper management.
A process-based management system is a useful tool that provides continuity through operations, creating a
link between policies, requirements, performances, objectives, and actions.

Input elements
(Specified requirements and resourcesI)

Monitoring and
measurement

Interacting activities and managing methods

Control
- Documents
- Work instructions
- Diagrams...

Output elements

EMS
Undesired output
- Waste
- Write offs
- Noise and vibrations Emissions

Desired output
- Product/Service
- Input to another process

OHSAS

Process effectivenes =

Process efficiency =

Capability of achieving desired results

Achieved results compared against

used resources

Figure 1 Generic process

A process approach is a good way to organize and manage activities in order to create value for users and
other interested parties.
End users or other interested parties are not known to everyone in the organization. That is the reason why
the higher priority often is given to accomplishing short-term objectives of organization units rather than
dealing with problems emerging in interactions between organization units. This leads to small or negligible
improvement for interested parties, since the focus is on functions rather than the intended result.
The process approach introduces horizontal management by removing obstacles between different operation
units and unifying their objectives into main objectives of the organization.

Copyright 2014 9001Academy. All rights reserved.

Organizational performance can be improved by using a process approach. The process should be managed
as a system, by creating and understanding related processes and their links.

2. Process planning
2.1.

Process establishment

The following methodology can be used for every type of process, though this series of steps represents just
one method, which isnt the only prescribed method. Some of the steps can be performed simultaneously.
Process planning may include the following steps in the process approach:
1)

Determine activities inside of process determine all activities necessary for accomplishing the
intended output elements of the process.

Tip: Define all required input and output elements of the process. Determine all activities needed for
transforming input elements into desired output elements; define their order and interaction and method of
performing each activity.
Note: In some cases, user can specify the method of process realization.
2) Determine requirements for monitoring and measurement determine where and how the
measurement should be applied. This refers to management and improvement of the process and its
intended output elements.
Tip: Identify measurements and monitoring criteria for process performance in order to determine process
effectiveness and efficiency, considering elements such as:
Compliance with requirements
Customer satisfaction
Suppliers performance
Timeliness of delivery, the best time, the number of failures per time unit
Waste
Process expenses
Incident frequency

3) Determine needed resources determine consumption of resources for effective realization of each
process.
Tip: Examples of resources:
Human resources
Infrastructure
Work environment
Information
Natural resources
Materials
Financial resources

4) Verify process and its activities related to planned objectives confirm that the characteristics
of the process are consistent with the purpose of the organization.
Copyright 2014 9001Academy. All rights reserved.

Tip: Verify that all requirements are identified and fulfilled; if not, consider what additional activities are
needed to improve the process.

2.2.

Process analysis

Information acquired during measurement and monitoring of processes is analyzed and evaluated in order to
quantify process performances. When appropriate, statistical methods should be used.
Information about process performance is compared with defined process requirements in order to confirm
process effectiveness and determine the need for corrective actions.
Opportunities for process improvement are identified based on results of process information analysis.
The conclusion of the process analysis is reported to top-level management and to other relevant staff in the
organization, if appropriate.

3. Customer-focused organization
Customer focus imbues the standard and represents the base on which the standard is created; ISO
9001:2008 emphasizes customer satisfaction through fulfillment of its requirements. This can be realized
through the following steps:
1) Defining customer/client requirements for (product/service) availability, delivery, supporting
services, specifications, and performance.
2) Determining customer requirements emerging from contractual, legal, or regulatory requirements.
3) Conducting customer requirements review before organization obliges itself to deliver
product/service. The review should ensure that requirements are defined, documented, or confirmed
in another way, that all differences are resolved, and that the organization is capable of delivering.
4) Maintaining records that emerged from the review and the steps that follow.
5) When customer requirements for products/service are changed, the organization must change the
appropriate documents and notify people involved.
6) Determining communication channels with customer/client for information regarding product
information, requirements, contracts, orders, and feedback from customer/client.
7) Reviewing and evaluating all implemented elements.

4. Quality Management System

4.1.

General

According to the requirements of ISO 9001:2008, an organization must:

Establish. Establishing a QMS entails the planning phase, which includes:

Copyright 2014 9001Academy. All rights reserved.

Defining the purpose of the organization The organization should identify its users and other
interested parties; as well as their requirements, needs, and expectations in order to determine its
intended output elements.
Defining policy and objectives of the organization The organizations policy should be based on
analysis of requirements, needs, and expectations. The policy should provide the framework for
establishing the organizations objectives.

Document. The organization must determine process documentation, i.e., determine which processes need
to be documented. The main purpose of documentation is to enable consistent and stable process execution.
Determining which processes should be documented should be based on:

Size of organization and type of its activities

Complexity of its processes and their interaction
Employees competence

Process documenting can be done using several different methods: graphical, written instructions, control
charts, flowcharts, etc.
Apply and maintain quality management system. Once you have documented your QMS, you must
behave in the way you defined within your QMS documentation.
Continually improve QMS effectiveness. Continual improvement is ongoing activity to increase
capability to fulfill planned requirements set by the QMS.
Further, this clause requires the organization to:
Determine processes necessary for the quality management system and apply them
throughout the organization. These processes include management, resources, realization and
measurement, analyzing, and improvement. The organization must manage these processes and appoint a
process owner for each process. Top-level management must determine individual roles and responsibilities
to ensure application, maintenance, and improvement of each process and its interaction with other
processes.
Determine order and interaction between processes. While determining order and interactions
between processes, the following should be considered:
-

User for each process

Inputs and outputs of each process
Which processes are related?
Logical sequence and order of related processes
Effectiveness and efficiency of each process

Determine criteria and methods needed to ensure process execution and effectiveness of
process management. (see chapters 7 and 8)
Ensure availability of resources and information needed for support of processes and their
monitoring. (see chapter 6)
Monitor, measure and, when appropriate, analyze the processes. (see chapter 8)
Apply actions needed for accomplishing planned results and continuous process
improvement.

Copyright 2014 9001Academy. All rights reserved.

4.2.

Document requirements

4.2.1. General
The QMS must be documented and the volume of documentation suited to the organizations needs, size and
type of activities, processes, and employees competence.
QMS documentation contains:
a) Documents explicitly required by ISO 9001:2008 Quality Policy, Quality Objectives, Quality Manual
and 6 mandatory procedures and 21 mandatory records.
b) Documents and records defined by the organization as necessary procedures describing processes,
instructions for some activities, flowcharts, quality plans, records of monitoring and measurement,
etc.

4.2.2. Quality Manual

The standard requires the organization to establish and maintain a quality manual. This is a high-level
document, and it contains:

Purpose and scope defines the organization and its organizational structure, responsibilities and
authorities, location, and its business
Details about exclusions and their justification (exclusions can be made only in clause 7)
Procedures or reference to them the Quality Manual can contain all procedures or refer to procedures
Description of interactions between processes this is usually given through a process model or
process map, which can be part of the Quality Manual or given as a separate document

4.2.3. Control of documents

The standard requires you to establish a documented procedure that defines control of documents.
The documents will be reviewed periodically and updated with new information regarding processes. All
changes must be identified, and if they change the essence of the document, then a new version of the
document is issued. You must ensure that the old document is removed from the place of use and replaced
with the new version.

4.2.4. Control of records

Record control should be determined with an appropriate procedure that prescribes the method of
identifying, preserving, and protecting records. Usually, the records are kept on a custom form you define
based on standard requirements and your needs. Once filled in and signed, these forms become important
documents that serve as evidence of performing certain activities, and they demonstrate conformity with
standard requirements and the effectiveness of your QMS.

5. Management responsibility
5.1.

Management commitment

QMS implementation is your strategic decision that demonstrates your commitment to development and
application of the QMS and continual improvement of its effectiveness. This commitment must be
demonstrated through informing the organization about the importance of fulfilling customer requirements,
Copyright 2014 9001Academy. All rights reserved.

compliance with legal and other requirements, establishing a quality policy and objectives, conducting
management reviews, and providing needed resources.

5.2.

Customer focus

In the QMS process model, the users make requirements for a product on one side, and demonstrate their
reaction by expressing their satisfaction with the product on the other side. Those requirements must be
identified and fulfilled in a way that increases customer satisfaction.

5.3.

Quality policy

The quality policy is a high-level document containing statements about the general direction of the
organization, and its commitment to quality and customer satisfaction. It provides a framework for quality
objectives and must be communicated to employees in a way they understand.

5.4.

Planning

5.4.1. Quality objectives

The standard requires top-level management to establish quality objectives for appropriate functions and
departments in the organization (HR, production, purchase, etc.).
Quality objectives must be measurable, quantitative, and timed. They must be in line with the quality policy
so it can be determined whether objectives are met, and if not, what should be done.

5.4.2. Quality management system planning

The top-level management must plan the quality management system in order to:
Fulfill requirements of clause 4.1 ISO 9001:2008 standard. Most of these activities are performed
during implementation of the QMS; new needs for planning can emerge from changes to a process or
product/service, identifying possibilities for improvement, audits, etc.
Accomplish quality objectives. In order to accomplish quality objectives, the organization must plan
resources, deadlines, responsibilities, and appropriate evidences. Since the objectives are changeable,
this planning is a continuous process.
Also, the top-level management is required to maintain the integrity of the QMS when changes are planned
and implemented in the quality management system.

5.5.

Responsibility, authority and communication

5.5.1. Responsibility and authority

Responsibilities and authorities must be precisely defined and communicated to all hierarchical levels of the
organization. In specific situations (seasonal fluctuation of labor force, emergency situations, etc.), it is
necessary to precisely document and communicate authorities, and especially the responsibilities of
temporarily employed workers.

5.5.2. Management representative

Copyright 2014 9001Academy. All rights reserved.

10

The top-level management must appoint one of its members to be the management representative who will,
besides his regular duties, perform activities related to the QMS. The management representative cant be
someone outside the organization, and if the organization has multiple locations, it can appoint management
representatives for each location who are subordinate to one head management representative.

5.5.3. Internal communication

Top-level management must establish communication processes in the organization. Basic directions of
organizational communication are:
Communication downwards (from manager to employee) It is used for giving orders, coordination,
and evaluation of employees; it can be performed by any means of interpersonal communication.
Communication upwards (from employee to manager) In this kind of communication, managers
find out what employees think about their workplace, colleagues, organization, and ideas for business
improvement. Some examples of this communications are reports, suggestion boxes, etc.

5.6.

Management review

5.6.1. General
At least once a year, the top-level management must review the QMS in order to determine its:
Appropriateness does it serve its purpose and satisfy the needs of the organization?
Adequacy does the QMS conform to standard requirements?
Applicability are activities performed according to procedures?
Effective does it accomplish planned results?
This review must evaluate possibilities for improvement and needs for changing the QMS, quality policy, and
objectives.
The difference between the management review and an audit is that results from an audit represent input
elements for the management review, just like data analysis (clause 8.4 of ISO 9001:2008).

5.6.2. Review input

Sources of information for the review are:
Audit results. Audit results (both external and internal) are usually contained in an audit report, and are
defined as commendations (identified best practices), recommendations that dont have the status of a
nonconformity, and nonconformities (minor and major).
Customer reaction. One of the best indicators of the successfulness of your QMS is customer reaction
(both positive and negative). Expressed discontent with some parts of your QMS and/or product is sufficient
reason to ask yourself what youre doing wrong, and make improvements.
Process performance and product conformity. You need to establish key performance indicators for
each process, i.e., process objectives. Level of fulfillment of these objectives is a good basis for improvement
of the process and the whole QMS.
Additional actions derived from previous management reviews. If you havent completely or
adequately performed actions determined on a previous management review, you need to define new
(additional) actions on the current review. This includes analysis of reasons for not performing actions from
the previous management review.

Copyright 2014 9001Academy. All rights reserved.

11

Changes that can influence the QMS. Management review can be undertaken several times if changes
in a process or product are planned or implemented. This review must ensure that your QMS is adequate and
applied before and after the change.
Recommendations for improvement. Recommendations for improvement can come as the result of an
audit, or can be stated by a process owner and/or employees. The top-level management should consider
those recommendations, taking into account the time and financial aspects.

5.6.3. Review output

The results of a management review are conclusions, and the actions emerging from those conclusions. The
management review should result in conclusions regarding:
Improvement of effectiveness of the QMS and its processes. The effectiveness of the QMS and its
processes can be improved by determining whether the processes produce the required results and taking
actions to make processes provide satisfying results.
Product improvement related to customer requirements. Customer requirements can easily be
implemented in a product in individual production (for familiar customers, according to project). In the case
of mass production, systematic market research will be needed.
Resources needed. The management review is a good opportunity to review the need for resources. If you
determine new needs for resources, then you should conduct an emergency management review to analyze
these needs, considering the financial aspects.
The standard requires you to keep records about management review considering inputs and outputs,
together with actions that should be taken.

6. Resource management
6.1.

Provision of resources

You must provide resources (people, finance, infrastructure, etc.) in order to apply and maintain the QMS
and continually improve its effectiveness, and increase the level of customer satisfaction through fulfillment
of their requirements. Resources need to be reviewed periodically (especially if you increase business
volume) to determine whether the available resources are enough or if you need to provide more.

6.2.

Human resources

6.2.1. General
It is necessary to have a list of all jobs and their descriptions with necessary competence and defined
responsibilities for the entire organization.

6.2.2. Competence, training and awareness

Copyright 2014 9001Academy. All rights reserved.

12

In order to reach necessary competence, the standard allows you to, besides training, take other actions.
Such action can be, for example, to hire already trained and competent employees or to outsource some
activities and processes.
Also, you must evaluate the effectiveness of undertaken actions. Criteria for effectiveness can be the number
of employees who successfully completed training, whether the training is performed according to plan, etc.
Each training must be backed with appropriate records (record of attendance, certificates, etc.) and entered
into the employees personnel file.

6.3.

Infrastructure

The infrastructure includes buildings, workspace, equipment, process equipment (hardware and software),
and support services. Many requirements for infrastructure could be included in legislation.

6.4.

Work environment

Working conditions (humidity, noise, light, temperature, vibration, etc.) are also, in most cases, defined by
legislation.

7. Product realization
7.1.

Planning of product realization

All activities regarding product realization must be planned, as well as the method of realization, for example
defining quality objectives, product requirements, customer requirements, and product acceptance criteria.
Outputs of product realization planning can be quality plans, project plan, etc.

7.2.

Customer-related processes

7.2.1. Determination of requirements related to the product

You must understand your customer requirements and know how to fulfill them. That is why the
organization must determine:

Requirements specified by user, including requirements for delivery and after delivery activities. The
customer usually defines its requirements in the order, contract, or agreement. Delivery activities
include defining means of transport and deadlines, and post-delivery activities are related to
installation, maintenance, or some other contractual obligation.
Requirements that the customer hasnt stated, but are necessary for specific or intended use. Those
are requirements that the organization recognized and implemented into the product (for example
instruction manuals, safety requirements, etc.).

Copyright 2014 9001Academy. All rights reserved.

13

Legal and regulatory requirements regarding product. Many products must fulfill certain legal
requirements, such as maximum concentration of substances or functional and safety characteristics.
Fulfillment of such requirements is mandatory and it is usually proven by reports from (accredited)
laboratories.
All additional requirements that the organization find necessary. Besides the above mentioned, the
organization can define some additional product requirements.

7.2.2. Review of requirements related to the product

After receiving the order, the organization must, prior to delivery, review the requirements related to the
product and keep records about the review. If the customer changes its requirements, it also must be
reviewed and recorded. Records of product requirements review must be kept.

7.2.3. Customer communication

Good communication with customers can provide valuable information about the product and customer
satisfaction. The organization must appoint a person for contact with customers, especially for orders, their
changes, and complaints.

7.3.

Design and development

This clause refers to design and development management, from initial idea to final acceptance of product.
ISO 9000 explains that the terms design and development are often used as synonyms, and sometimes
define different phases of overall design and development. This means that design cant be used apart from
development, and that they represent one single process.

7.3.1. Design and development planning

Design and development can be performed by one employee who will be responsible for design and
development execution. If design and development are performed by a team, the responsibilities must be
clearly defined; if other parties are involved in this process, then effective communication must be
established.
During design and development planning, all its phases must be defined with appropriate activities of
reviewing, verification and validation for each phase.

7.3.2. Design and development inputs

Considering that ISO 9001 refers to design and development of product (not design and development of
processes), design and development inputs relate to product requirements that include:

Functional requirements and product performance requirements

Legal and regulatory requirements for product
Information from previous similar projects
Other requirements relevant to design and development, usually customer requirements, market
information, package, etc.

Design and development inputs must be documented.

7.3.3. Design and development outputs

Design and development outputs must be in a form suitable for verification related to input elements and
must be approved before acceptance. They can be in the form of a drawing, engineering documentation,
plans, etc.
Copyright 2014 9001Academy. All rights reserved.

14

7.3.4. Design and development review

The purpose of this activity is to determine whether the design and development process goes in the intended
direction. The review can be done in appropriate phases or at the end of project.
The review identifies problems during design and development and suggests actions to resolve them; it can
include other interested parties. The design and development review must be documented.

7.3.5. Design and development verification

Verification determines whether the design and development results fulfill the input requirements. It can be
done in phases or at the end of project. Method of verification is defined and documented in the design and
development plan.
If the results of design and development dont suit the input requirements, appropriate decisions must be
made and recorded and this record will be input to the next review.

7.3.6. Design and development validation

Validation determines whether the product can fulfill requirements for intended use; it is performed before
delivery or use of product and must be documented.
If the results of design and development validation dont suit the needs, appropriate decisions must be made
and recorded and this record will be input to the next review.
Validation is a simple process, but in some cases it can be very complex and include computer simulation,
animations, modeling, etc.

7.3.7. Control of design and development changes

Changes in design and development can happen in every phase; they must be reviewed, verified, validated
and approved before application. Records about changes must be kept.

7.4.

Purchasing

7.4.1. Purchasing process

Purchasing includes products and services you acquire from suppliers and outsourced processes. You need to
establish and document criteria for suppliers selection, which includes how crucial the purchased product or
service is to the quality of your product. Results of the supplier evaluation must be kept.

7.4.2. Purchasing information

The standard requires purchasing to include, where applicable:

Requirements for approval of products, processes and equipment

Requirements for employee competence
Requirements for quality management system

These requirements are usually directed at suppliers that need to deliver you key products/services, and
verifying compliance with requirements is conducted on the premises of the suppliers.

7.4.3. Verification of purchased product

Copyright 2014 9001Academy. All rights reserved.

15

The organization must ensure that purchased product suits its requirements; in some cases, the organization
can conduct the monitoring and measurements at the premises of the suppliers. Such verification must be
part of the contract with the supplier.

7.5.

Production and service provision

7.5.1. Control of production and service provision

The conditions in which the production and service provision is executed are crucial for successful delivery of
product/service. These conditions include:
1) Availability of information regarding product characteristics. Information describing product
characteristics can be contained in the project plan, product specification, etc.
2) Availability of working instructions, where needed. It is necessary to provide clear working
instructions at the place of application (execution of activities); if the instructions are not enough, then
training must be performed.
3) Availability and usage of monitoring and measurement equipment. Depending on process and/or
product, the organization must have appropriate monitoring and measuring equipment that must be
calibrated periodically.

7.5.2. Validation of process for production and service provision

Validation is performed before or during process execution when process outputs cant be verified with later
monitoring and measurement and product defects are identifiable after using the product or service
provision. It also demonstrates the capability of the process to deliver the intended results.
During identification and planning of such processes, the organization must determine appropriate
preferences, including:
1) Defined criteria for process review and approval. Criteria for process review and approval are defined
requirements that need to be met so the process can deliver the desired results. Validation can be
conducted by computer simulations and testing.
2) Using special methods and procedures. In quality plans you can refer to all specific working methods
and procedures, manuals, and instructions, which are necessary to apply for undisturbed processes
execution.
3) Requirements for records. Records about verification activities must be kept. In most cases they rely
on criteria for reviewing and process approving.
4) Revalidation. Validation will be repeated if there is a change in the product and/or process, and if
previous validation didnt confirmed the capability of the process to fulfill the requirements for the
product. In that case, additional criteria must be established for reviewing and approving processes,
equipment, and competence of the staff. That can lead to establishing new methods and procedures;
validation records must be kept.

7.5.3. Identification and traceability

Traceability is the possibility to follow the history, application, or location of what is considered (ISO 9000).
When it is about a product, traceability may refer to the origin of the product, material and parts, history of
processing (in which process phase is the product, material, or part), distribution, and product location after
delivery.
Where traceability is needed, the organization must establish a unique identification system for the product
and maintain records.

7.5.4. Customer property

Copyright 2014 9001Academy. All rights reserved.

16

Materials, equipment, personal data, or intellectual property given by the customer for product realization,
represents customer property. If this property is lost, damaged, or unfit for use, the customer must be
notified and communication must be recorded.

7.5.5. Preservation of product

The product and its components must be kept throughout the whole process of realization and delivery to the
planned destination, for example, temperature, sterile conditions, etc.
An established traceability system can ease product withdrawal from the market.

7.6.

Control of monitoring and measuring equipment

Monitoring is the activity of observation and supervision (audit) for some time period. That can, but does not
necessarily, result in measurement data. Monitoring gives a status indication or status change. It can be done
by person or device.
Measuring is defined as a set of operations aiming to determine the value of a quantity. Equipment for
measuring may (or must) be calibrated, while equipment for monitoring may be validated, but not calibrated.
If measuring equipment is invalid, it must be determined at what stage the malfunction occurred to
determine eventual consequences.
The organization must maintain records about calibration and verification of measuring equipment.

8. Measurement, analysis and improvement

8.1.

General

This requirement should not be equated with the requirement for managing equipment for monitoring and
measuring from clause 7.6 of the standard. This is about a wider aspect of monitoring and measuring.
Information derived from monitoring, measurement, and analysis represents input in the process of
improvement and management review.

8.2.

Monitoring and measurement

8.2.1. Customer satisfaction

Here it is required to measure your own performance as a supplier in order to get information about users
observations, and the extent to which you fulfilled their requirements. Monitoring customer satisfaction level
must be a constant activity in order to determine trends, and because opinion about your performance is
changeable. Information about customer satisfaction can be collected via phone, interview and
questionnaire, direct contact with the user on the field, etc.

8.2.2. Internal audit

Copyright 2014 9001Academy. All rights reserved.

17

The goal of an internal audit is not to determine nonconformity; its goal is to check whether your QMS:
a) Complies with the requirements of ISO 9001 and requirements of your organization
b) Is effectively implemented and maintained
At the end of the audit you will get audit results by evaluating data you collected during the audit. Audit
results can be manifested as: praise, recommendations for improvements, and nonconformities (major and
minor). Verification of taken actions can be needed, and in that case the next step is a follow-up audit.
A documented procedure for internal audit must be established and records about internal audits must be
kept.

8.2.3. Monitoring and measurement of processes

By planning a process, you determine the results to be achieved during process realization. To show the
capability of the process to achieve planned results, you must define suitable methods for monitoring and
measuring of process performance.
For measuring a process, it is necessary to clearly define the performance of the process.

8.2.4. Monitoring and measurement of product

Clearly defined characteristics of a product to monitor and measure may be included in project
documentation, product specification, product description, users requirements, etc. Monitoring and
measurement of a product sometimes can be conducted during monitoring and measurement of a process. In
each case, measuring of the product (dimensions, microbiological and chemical analyses, safety
requirements, etc.) must be supported by calibrated measuring equipment and proper devices for
monitoring. Monitoring can be done visually in cases like comparison of color, etc.
When deviation from defined product characteristics is identified, the delivery will be approved by a relevant
authority, and eventually, by the customer, or you will follow the requirements of clause 8.3 Control of
nonconforming product.

8.3.

Control of nonconforming product

Product that does not conform to product requirements can be detected during the realization process (while
is still at the supplier) delivery must be stopped, or after delivery (when it is at the customer or on the
market) undesirable use must be prevented. For managing products that have a nonconformity, an
appropriate procedure must be established that suits the needs of the organization, and appropriate records
should be kept.
Non-conforming product must be treated by one or more of the following ways:
1)

Taking actions to remove detected nonconformity

Options for removal of detected nonconformity can be :

a) Correction as a measure to remove a detected nonconformity may involve modification, to conform
product to the requirements, or correction as a measure to affect parts of nonconforming products or
their replacement to make it acceptable for the intended use.
b) Approving its use, release, or acceptance based on subsequent approval from the relevant institution
and, where applicable, from the user.

Copyright 2014 9001Academy. All rights reserved.

18

Subsequent approval is approval for use or acceptance of product that does not conform to the specified
requirements. If it is determined that requirements for product safety, microbiological and chemical
parameters are above determined values, product use cant be subsequently approved.
2) Taking actions to stop its original planned use or application.
By applying this action, the product is given write-off status and a decision for its recycling or destruction is
made.
If there is the assessment that nonconforming product will result in serious consequences for the user (for
example: injury, disease, death) or can affect a wider geographical area, a decision about informing the public
and product withdrawal must be made.

8.4.

Analysis of data

During planning and maintaining your QMS, you will create a variety of different data; you must group and
analyze them in such a way that you can discover some trends that may indicate problems in your QMS, and
show you space to improve. Results can be input in a management review.

8.5.

Improvement

8.5.1. Continual improvement

Appropriate activities must be taken in order to ensure continual improvement of your QMS. Those activities
represent the process of taking actions based on quality policy and objectives, audit results, data analyses,
corrective and preventive actions, and management review.

8.5.2. Corrective actions

Corrective action is taken when a nonconformity is discovered internal (on product or QMS), and external
nonconformity from external sources, like customer complaints, reports of relevant institutions, etc. A
corrective action is intended to remove the cause of the nonconformity and prevent its reoccurring, and
records about corrective action must be kept.
A documented procedure must define requirements for:
Reviewing nonconformity (including customer complaints).Reviewing a nonconformity involves
consideration of the place where the nonconformity is discovered and occurred, origin of the nonconformity,
consequences, etc. That is how you will decide whether to take corrective action or just correction. Customer
complaints could be reviewed, for example from the standpoint of their merits.
Determining the causes of nonconformities. It is very useful to have some mechanism to determine
the cause of a nonconformity. The point is to take actions to prevent recurrence of nonconformities. There
can be more than one cause of nonconformities. In that case, you must prioritize in which order you will
remove them, and depend on the consequences to define suitable corrective actions.
Evaluating need for actions that will prevent nonconformity recurrence. The scope of corrective
actions and resources for their implementation will depend on the consequences that a nonconformity has on
business results, products, processes, and especially on customer satisfaction. When taking corrective
actions, priorities should be defined.

Copyright 2014 9001Academy. All rights reserved.

19

Defining and application of necessary actions. When defining corrective action or priorities for
implementing more corrective actions, you should apply it, define the person responsible for its
implementation, and ensure the objectives prove that the action is implemented (bill, report, photo, etc.).
Recording results of actions taken. Appropriate records about the results of actions taken must be kept.
Based on these results you can define the status of a corrective action (for example: implemented partially, in
whole, etc.); also, you should take into account the results and status of previous corrective and preventive
actions.
Reviewing effectiveness of actions taken. Actions taken will be effective if there is no reoccurrence of
nonconformity.

8.5.3. Preventive actions

To define preventive actions, data sources that indicate potential nonconformities must be identified. Data
sources could be connected to data analyses, identified trends, statistical results, etc.
Procedure for preventive actions must be documented along with appropriate records.

Copyright 2014 9001Academy. All rights reserved.

20

EPPS Services Ltd.

for electronic business and business consulting
UI. Vladimira Nazora 59, 10000 Zagreb
Croatia, European Union

Email: info@9001academy.com
Phone: +385 1 48 34 120
Phone (for U.S. customers): +1 (646) 797 2744
Fax: +385 1 556 0711

Copyright 2014 9001Academy. All rights reserved.

Copyright 2014 9001Academy. All rights reserved.

21