Details the requirement for the planning, implementation and control of the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined in Section 6 (Planning), by:
- Determining the requirements for the products and services;
- Establishing the criteria for:
- The processes;
- The acceptance of products and services;
- Determining the resources needed to achieve conformity to the product and service requirements;
- Implementing control of the processes in accordance with the criteria;
- Determining and keeping documented information to the extent necessary:
- To have confidence that the processes have been carried out as planned;
- To demonstrate the conformity of products and services to their requirements.
The output of this planning must be suitable for the organisation’s operations.
The organisation must control planned changes and review the consequences of unintended changes, taking actions to mitigate any adverse effects, as necessary.
The organisation must ensure that any outsourced processes are controlled.
REQUIREMENTS FOR PRODUCTS AND SERVICES
- Providing information relating to products and services;
- Handling enquiries, contracts or orders, including changes;
- Obtaining customer feedback relating to products and services, including customer complaints;
- Handling or controlling customer property;
- Establishing specific requirements for contingency actions, where relevant.
DETERMINING THE REQUIREMENTS RELATED TO PRODUCTS AND SERVICES
When determining the requirements for products and services to be offered to customers, the following must be addressed:
- The requirements for the products and services are defined, including:
- Any applicable statutory and regulatory requirements;
- Those considered necessary by the organisation
- The organisation can meet the claims for the products and services it offers.
REVIEW OF REQUIREMENTS RELATED TO PRODUCTS AND SERVICES
The organisation must ensure that it has the ability to meet the requirements for products and services being offered to customers. The organisation must conduct a review before committing to supply products and services to a customer to include:
- Requirements specified by the customer, including the requirements for delivery and post-delivery activities;
- Requirements not stated by the customer, but necessary for the specified or intended use, where known;
- Requirements specified by the organisation;
- Statutory and regulatory requirements applicable to the products and services;
- Contract or order requirements differing from those previously expressed are resolved.
- The customer’s requirements must be confirmed by the organisation before acceptance, when the customer does not provide a documented statement of their requirements.
- Where internet sales are involved, a formal review is impractical for each order. Instead the review can cover relevant product information, such as catalogue or advertising material.
- The organisation must retain documented information, as applicable:
- On the results of the review;
- On any new requirements for the products and services.
CHANGES TO REQUIREMENTS FOR PRODUCTS AND SERVICES
The organisation must ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.
DESIGN AND DEVELOPMENT OF PRODUCTS AND SERVICES
Details the requirements that the organisation must establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.
DESIGN AND DEVELOPMENT PLANNING
The stages and controls for design and development including:
- The nature, duration and complexity of the design and development activities;
- The required process stages, including applicable design and development reviews;
- The required design and development verification and validation activities;
- The responsibilities and authorities involved in the design and development process;
- The internal and external resource needs for the design and development of products and services;
- The need to control interfaces between persons involved in the design and development process;
- The need for involvement of customers and users in the design and development process;
- The requirements for subsequent provision of products and services;
- The level of control expected for the design and development process by customers and other relevant interested parties;
- The documented information needed to demonstrate that design and development activities have been met.
DESIGN AND DEVELOPMENT INPUTS
Functional and performance requirements, information derived from previous similar design and development activities, statutory and regulatory requirements, standards or codes of practice that the organisation has committed to implement, potential consequences of failure due to the nature of the products and services.
Inputs must be adequate for design and development purposes, complete and unambiguous.
Conflicting design and development inputs must be resolved
Documented information on design and development inputs must be kept.
DESIGN AND DEVELOPMENT OUTPUTS
- Must meet input requirements;
- Are adequate for the subsequent processes for the provision of products and services;
- Include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria;
- Specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision;
Documented information on design and development inputs must be kept.
CONTROL OF DESIGN AND DEVELOPMENT CHANGES
The organisation must identify, review and control changes made during, or subsequent, to the design and development of products and services, to the extent necessary to endure that there is no adverse impact on conformity to requirements.
Change documented information must include, as appropriate:
- Design and development changes;
- The results of reviews;
- The authorisation of the changes;
- The actions taken to prevent adverse impacts.
CONTROL OF EXTERNALLY PROVIDED PRODUCTS AND SERVICES
Details the requirements the organisation must ensure that externally provided processes, products and services conform to requirements. The organisation must determine the controls to be applied to externally provided processes, products and services, when:
- Products and services from external providers are intended for incorporation into the organisation’s own products and services;
- Products and services are provided directly to the customer(s) by external providers on behalf of the organisation;
- A process, or part of a process, is provided by an external provider as a result of a decision by the organisation.
The organisation must determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or product and services in accordance with requirements.
The organisation must retain documented information of these activities and any necessary actions arising from the evaluations.
TYPE AND EXTENT OF CONTROL
The organisation must ensure that externally provided processes, products and services do not adversely affect the organisations ability to consistently deliver conforming products to its customers.
INFORMATION FOR EXTERNAL PROVIDERS
Details the requirements that the organisation must ensure the adequacy of requirements prior to their communication to the external provider. The organisation must communicate to external providers its requirements for:
- The processes, products or services to be provided;
- The approval of:
- Products and services
- Methods, processes and equipment;
- The release of products and services;
- The external providers’ interactions with the organisation;
- Control and monitoring of the external providers’ performance to be applied to the organisation;
- Verification or validation activities that the organisation, or its customer intends to perform at the external providers’ premises.
PRODUCTION AND SERVICE PROVISION
CONTROL OF PRODUCTION AND SERVICE PROVISION-
Details of the controlled conditions in place for actual product manufacture or service delivery. Controls must be sufficient to ensure that there is quality of consistent conformance to the specification. These may include, as applicable:
- The availability of documented information that defines:
- The characteristics of the products to be produced, the services to be provided, or the activities to be performed;
- The results to be achieved;
- The availability and use of suitable monitoring and measuring resources;
- The implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control processes or outputs, and acceptance criteria for products and services, have been met;
- The use of suitable infrastructure and environment for the operation of processes;
- The appointment of competent persons, including any required qualification;
- The validation, and periodic re-validation, of the ability to achieve planned results of the processes for production And service provision;
- The implementation of actions to prevent human error;
- The implementation of release, delivery and post-delivery activities.
IDENTIFICATION AND TRACEABILITY
Details the requirements that the organisation must use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.
The organisation must identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.
The organisation must control the unique identification of the outputs when traceability is a requirement, and must retain documented information necessary to enable traceability.
PROPERTY BELONGING TO CUSTOMERS OR EXTERNAL PROVIDERS
The organisation must exercise care with property belonging to customers or external providers while under the organisation’s control or being used by the organisation.
The organisation must identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products or services.
When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organisation must report this to the customer or external provider and retain documented information on what has occurred.
This property can include material, components, tools and equipment, premises, intellectual; property and personal data.
Details the requirement for the organisation to preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.
Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.
POST DELIVERY ACTIVITIES
Details the requirements for post-delivery activities associated with products and services. The following must be considered:
- Statutory and regulatory requirements;
- The potential undesired consequences associated with its products and services;
- The nature, use and intended lifetime of its products and services;
- Customer requirements;
- Customer feedback;
- Warranty and servicing, where appropriate and recycling or final disposal.
CONTROL OF CHANGES
Details the requirement to review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.
The organisation must retain documented information describing the results of the review of changes, the person(s) authorising the change, and any necessary actions arising from the change, and any necessary actions arising from the review.
RELEASE OF PRODUCTS AND SERVICES
Details the planned arrangements, at appropriate stages, to verify that the product or service requirements have been met.
The release of products and services to the customer must not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
The organisation must retain documented information on the release of products and services. The documented information must include:
- Evidence of conformity with acceptance criteria;
- Traceability to the person(s) authorising the release.
CONTROL OF NONCONFORMING PROCESS OUTPUTS
Details the requirements to ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.
The organisation must take appropriate action based on the nature of the nonconformity of products and services. This must also apply to nonconforming products and services. This must also apply to nonconforming products and services detected after delivery of products, during or after provision of services.
The organisation must deal with nonconforming products and services in one of the following ways;
- Segregation, containment, return or suspension of provision of products and services;
- Informing the customer
- Obtaining authorisation for acceptance under concession.
Conformity to the requirements to the requirements must be verified when nonconforming outputs are corrected.
The organisation must retain documented information that:
- Describes the nonconformity;
- Describes the actions taken;
- Describes any concessions obtained;
- Identifies the authority deciding the action taken in respect to the nonconformity.