iso9001 2008 change analysis govind

ISO 9001:2008 Amendment Review for transition guidance

Item Section reference Bullet Para Note ISO 9001:2008 (Red font with Strikethrough are 2000

deletions, blue font are 2008 changes/additions)

Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

0.1 1

The design and implementation of an organization‘s quality management system is influenced by: (a) its business environment, changes in that environment and risks associated with that environment;(b) its varying needs;(c) its particular objectives;(d) the products it provides;(e) the processes it employs;(f) its size and organizational structure.

Guidelines for the design and implementation added to the standard to provide flexibility. Additional guidelines may become available in ISO 9004 (yet to be released)

0.1 4

This International Standard can be used by internal and external parties, including certification bodies, toassess the organization‘s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization‘s own requirements.

This is added to be consistent with the requirements where "related" is changed to "applicable". Statutory was already part of the requirement portion of the standard. Addition to the general introduction is for consistency.

0.2 2

For an organization to function effectively, it has to identify determine and manage numerous linked activities. An activity or set of activities using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process.

Process can be an activity or set of activities. This is corrected to be consistent with definition inISO 9000. The differences between "identify" and "determine" explained in 4.1

0.2 3

The application of a system of processes within an organization, together with the identification andinteractions of these processes, and their management to produce the desired outcome, can be referred to asthe “process approach“.

documents for the processes determined as per 4.1. (a) can also include the measurability.

1.1 1

NOTE 1 In this International Standard, the term “product” applies to (a) a product intended for, or required by, a customer or the product realization processes. (b) any intended output resulting from product realization processes.

The definition of product extended to output resulting from product realization processes.

1.1 2 NOTE 2 Statutory and regulatory requirements may be expressed as legal requirements

In some industries, some states, some countries, the legal requirements may include statutory and regulatory requirements.

1 4.1 a

identify determine the processes needed for the quality management system and their application throughout theorganization (see 1.2), Y N Y

Identify: to recognize or establish as being a particular person or thing;Determine:to conclude or ascertain, as after reasoning, observation, etc.to cause, affect, or control; fix or decide causally. Additional guidelines available for "determine" in ISO 9000:2005.

2 4.1 e monitor, measure (where applicable), and analyse these processes, and Y Y Y documents for the processes determined as per

4.1. (a) can also include the measurability.

1 of 8Govind Ramu, ASQ CQA

Principal Auditor IRCA (UK)




Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

3 4.1 4

Where an organization chooses to outsource any process that affects product conformity with to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourcedprocesses shall be defined within the quality management system.

Y N Y Y Y

Use NOTE3 as a check list to perform due diligence on "outsourced process". Create a table of outsourced process and NOTE3 items to create a matrix.

4 4.1 1

NOTE 1 Processes needed for the quality management system referred to above should include processes for management activities, provision of resources, product realization, and measurement, analysis and improvement.

N Y Y Y

To be consistent with section 8. Measurement, analysis and improvement.

5 4.1 2

NOTE 2 An "outsourced process" is identified as one beingneeded for the organization’s quality management system but chosen to be performed by a party external to the organization.

N Y

There may be hundreds of outsourced processes in an organization. However this definition helps to confine to those processes needed for the organization's QMS.

6 4.1 3

NOTE 3 Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements.The type and nature of control to be applied to the outsourced process may be influenced by factors such as:a) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements;b) the extent to which the control for the process is shared;c) the capability of achieving the necessary control through the application of clause 7.4.

N Y

Although this is a note, "does not absolve the organization of the responsibility" is a great addition to the standard. This clearly places the ultimate ownership on the outsourcing organization.

7 4.2.1 c c) documented procedures and records required by this International Standard, and Y Y Y Rephrased for consistency. "Records" added

from earlier bullet (e)

8 4.2.1 d

d) documents, including records, needed determined by the organization to be necessary to ensure the effectiveplanning, operation and control of its processes.,and Y Y Y Y

Rephrased for consistency. Some flexibility added with "to be necessary".

9 4.2.1 e e) records required by this International Standard (see 4.2.4) Y Y Embedded in earlier bullets, no requirement

change.

10 4.2.1 1

NOTE 1 Where the term “documented procedure“ appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

N Y

Additional clarification on requirement Vs documented procedure to accommodate smaller and bigger organizations.






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

11 4.2.3 f

to ensure that documents of external origin determined by the organization to be necessary for theplanning and operation of the quality management system are identified and their distribution controlled,and Y Y Y

This addition to requirement takes into consideration practicality of identifying external documents and controlling distribution. There may be many external documents to an organization including photocopier manual to ISO 9001 standard. The change gives flexibility for theorganization to determine external documents that matters.

12 4.2.4 1

Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.Records shall remain legible, readily identifiable and retrievable. The organization shall establish a documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.Records shall remain legible, readily identifiable and retrievable.

Y Y Y

Rephrased for consistency.

13 5.5.2 1

Top management shall appoint a member of the organization’s management who, irrespective of otherresponsibilities, shall have responsibility and authority that includes.

Y Y Y Y

Clarification to prevent from organizations appointing consultants/ external members of management as Quality Management representative.

14 6.2.1 1

Personnel performing work affecting conformity to product quality requirements shall be competent on the basis ofappropriate education, training, skills and experience. Y N Y Y Y

Conformity to "product requirements" is much broader than "product quality requirements". This is to accommodate safety, statutory, regulatory, legal, etc.

15 6.2.1 1NOTE Conformity to product requirements may be affecteddirectly or indirectly by personnel performing any task within the quality management system.

N Y Y"directly or indirectly" opens up many activities in product lifecycle management.

16 6.2.2 6.2.2 Competence, training and awareness N Y Y No change, rearrangement of words.

17 6.2.2 adetermine the necessary competence for personnel performing work affecting conformity to product qualityrequirements,

Y Y Y Y YRephrased for consistency.

18 6.2.2 b

where applicable, provide training or take other actions to satisfy these needs achieve the necessary competence,

Y N Y Y

"where applicable" and "necessary competence" provides flexibility. However "satisfy" changed to "achieve". This may raise expectations.

19 6.3 c

supporting services (such as transport, or communication or information systems). Y Y Y Y

Since many organizations use Information systems to manage their MES, ERP, documentation control, records control, backup, recovery, etc. this addition is helpful.






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

20 6.4 1

NOTE The term "work environment" relates to conditions under which work is performed including physical, environmental and other factors (such as noise, temperature, humidity, lighting, or weather). N Y Y

Typically users of the standard interpret temperature, humidity, ESD, MSD, etc as work environment considerations to achieve conformityto product requirements. Now this notes expands to physical (Ergonomics), and factors like noise, lighting , weather etc. This is probably added to include certain work performed outdoor, extreme situation, etc.

21 7.1 b the need to establish processes and documents, and to provide resources specific to the product; N Y No Comments.

22 7.1 c

required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance;

Y Y Y Y

Monitor is to keep track of systematically with a view to collecting information. Measurement is to determine the value of a quantity. That said, one needs to measure in order to monitor. Inspection is evaluating conformity by observation and judgement accompanied by measurement testing or gauging. Testing is determining one or more characteristics according to a procedure.

23 7.2.1 c

statutory and regulatory requirements related applicable to the product, and Y Y Y Y Y

"Applicable" is broader than "related". "Related" requirements may be "applicable". But "applicable" requirements may not necessarily be "related"

24 7.2.1 d

any additional requirements determined considered necessary by the organization. Y Y Y Y

Provides flexibility and also opens up broader for the organization to identify additional requirements from overall product requirements point of view.

25 7.2.1 1

NOTE Post delivery activities include, for example, actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal. N Y Y

Typically users of the standard have considered warranty and maintenance are post delivery activities. Now the note clarifies "supplementary services such as recycling or final disposal" also part of the post delivery activities. With the emphasis on ROHS, WEEE in the recent years, this notes is helpful.

26 7.3.1 1

NOTE Design and development review, verification and validation have distinct purposes. They may be conducted and recorded separately or in any combination as suitable for the product and the organization.

N Y Y

Verification: Did you build the product right? Validation: Did you build the right product? Design and development review: Ensuring that the requirements for building the right product are right.

27 7.3.2 2These The inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with each other.

N YNo Comments.






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

28 7.3.3 1

The outputs of design and development shall be provided in a form that enables in a form suitable for verification against the design and development input and shall be approved prior to release.

Y Y Y

Output in the form of suitability is more straightforward than enabling. An output that enables may require additional work to make it suitable.

29 7.3.3 b provide appropriate information for purchasing, production and for service provision, N Y No Comments.

30 7.3.3 1

NOTE Information for production and service provision can include details for the preservation of product. N Y Y

This is an important note, often ignored when requirement for product conformity are written. This addition of preservation on purchasing information is a useful clarification.

31 7.5.1 d

the availability and use of monitoring and measuring device equipment,

Y Y Y

Measuring Equipment may include instrument, software, (in combination), standard, reference, auxiliary apparatus required to realize a measurement process. Measuring equipment usually has several metrological characteristics, device is a machine or tool used for a particular purpose.

32 7.5.1 f the implementation of product release, delivery and post-delivery activities. Y Y Y Clarification as the release refers to product.

33 7.5.2 1

The organization shall validate any processes for production and service provision where the resulting outputcannot be verified by subsequent monitoring or measurement This includes any processes where and as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered.

Y Y Y

Relating two sentences in way that it is not interpreted separately. (This is the special process scenario as it used to be referred in the earlier versions).

34 7.5.3 2

The organization shall identify the product status with respect to monitoring and measurement requirements throughout product realization. Y N Y Y Y

"throughout product realization" addition will explicitly include identification of product status from product early build (Alpha units).

35 7.5.3 3Where traceability is a requirement, the organization shall control and record the unique identification of the product and maintain records (see 4.2.4).

Y Y YRephrased for consistency.

36 7.5.4 1

If any customer property is lost, damaged orotherwise found to be unsuitable for use, this shall be reported to the customer and records maintained the organization shall report this to the customer and maintain records (see 4.2.4).

Y Y


37 7.5.4 1 NOTE Customer property can include intellectual property and personal data. N Y Y Personal data may include customer quote,

inquiry, correspondence, etc.






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

38 7.5.5 1

The organization shall preserve the conformity of product during internal processing and delivery to the intended destination in order to maintain conformity to requirements. This As applicable, preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product.

Y Y Y Y

To be consistent with earlier references. Flexibility added to preservation.

39 7.67.6 Control of monitoring and measuring devices equipment Y Y

To be consistent with earlier references. (The term “devices” has a broader scope and could include non-equipment types of tools).

40 7.6 1

The organization shall determine the monitoring and measurement to be undertaken and the monitoring andmeasuring devices equipment needed to provide evidence of conformity of product to determined requirements.(see 7.2.1)

Y Y

To be consistent with earlier references.

41 7.6 a

a) be calibrated or verified, or both, at specified intervals, or prior to use, against measurementstandards traceable to international or national measurement standards; where no such standards exist,the basis used for calibration or verification shall be recorded (see 4.2.4);

Y Y Y Y

To accommodate equipment that require both calibration and verification.

42 7.6 cc) be identified to enable the calibration status to be determined; have identification in order to determine its calibration status;

Y YRephrased for consistency.

43 7.6 1

NOTE See ISO 10012-1 and ISO 10012-2 for guidance Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.

N N Y Y Y

Reference to obsolete standard removed. This is an important note that provides guidance to "software" piece of measuring equipment. It is notuncommon for users to take software for granted. Now with this added note, software will require version controls, CM, and verification.

44 8.1 a to demonstrate conformity of the product to product requirements, Y Y Y No Comments.

45 8.2.1 1

NOTE Monitoring customer perception may include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims, dealer reports.

N Y Y

Notes expands various avenues for soliciting and capturing customer perception. It is typical that organization use customer satisfaction survey, user opinion surveys, focus groups, etc. Notes suggests to also expand to other areas.

46 8.2.2 2The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

N YNo Comments.






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

47 8.2.2 3

The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure. A documented procedure shall be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results. Records of the audit and their results shall be maintained (see 4.2.4)

Y Y Y

Rephrased for consistency. Maintaining records of audit results called out as separate sentence for clarity.

48 8.2.2 4

The management responsible for the area being audited shall ensure that any necessary corrections andcorrective actions are taken without undue delay to eliminate detected nonconformities and their causes.

Y Y Y Y Y

Some flexibility added with "any necessary". "corrections and corrective" is for consistency with other requirements.This statement is also calling for broader actions.

49 8.2.2 1 NOTE See ISO 10011-1, ISO 10011-2 and 10011-3 ISO 19011 for guidance. N Y Y Add 19011 to "external document" list.

50 8.2.3 1When planned results are not achieved, correction and corrective action shall be taken, as appropriate. to ensure conformity of the product.

Y Y Y Y8.2.3 is about monitoring and measurement of processes. This may be reason that narrowing to product is removed from the requirement.

51 8.2.3 1

NOTE When determining suitable methods, the organization should consider the type and extent of monitoring or measurement appropriate to each of its processes in relation to their impact on the conformity to product requirements and on the effectiveness of the quality management system.

N Y Y

Note suggests application of documents similar toQuality Plan and control plan to support the implementation of 8.2.3

52 8.2.4 1

This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements (see 7.1). Evidence of conformity with the acceptance criteria shall be maintained.

N Y

No Change, sentence moved up from a subsequent para.

53 8.2.4 2

Evidence of conformity with the acceptance criteria shall bemaintained. Records shall indicate the person(s) authorizing release of product for delivery to the customer .(see 4.2.4)

Y Y Y Y Y

Clarification as to which document require authorization. Release of product happens at various stages of product realization.

54 8.2.4 3

Product release and service delivery The release of product and delivery of service to the customer shall not proceed until the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer.

Y Y Y Y Y

Product Service and service delivery might mean something different than the intent of 8.2.4. Added specifics "to the customer".






Req

uire

men

t C

hang

e?

Min

or Im

pact

?

Lang

uage

/ G

ram

mat

ical

?

Con

sist

ency

?

Cla

rific

atio

n?

Flex

ibili

ty?

Bro

ader

?

Pres

crip

tive?

COMMENTS

55 8.3 1

The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure. A documented procedure shall be established to define the controls and related responsibilities and authorities for dealing with nonconforming product.

Y Y Y


56 8.3 2

Where applicable, the organization shall deal with nonconforming product by one or more of the followingways: Y Y Y

Flexibility added to the requirement to accommodate situations where organization doesnot have authority or control to deal with non conforming product.

57 8.3 dby taking action appropriate to the effects, or potential effects, of the nonconformity when nonconformingproduct is detected after delivery or use has started.

N YMoved from para to bullet and rephrased. No change.

58 8.4 b conformity to product requirements (see 7.2.1), (see 8.2.4) Y Y Cross reference corrected.

59 8.4 ccharacteristics and trends of processes and products including opportunities for preventive action, (see 8.2.3 and 8.2.4) and

Y YCross reference added.

60 8.4 d suppliers.(see 7.4) Y Y Cross reference added.

61 8.5.2 1

The organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence.Corrective actions shall be appropriate to the effects of the nonconformities encountered.

Y Y Y

There may be multiple causes for nonconformities. There may be a single significant cause.

62 8.5.2 freviewing effectiveness of the corrective action taken.

Y N Y YEffectiveness: Extent to which planned corrective actions are realized and planned results achieved.

63 8.5.3 freviewing effectiveness of the preventive action taken.

Y N Y YEffectiveness: Extent to which planned preventiveactions are realized and planned results achieved.



iso9001 2008 change analysis govind

Technology