Clause 8.1 Operational Planning and Control (secrets)

Table of Contents

• The Planning Stages
• Criteria For Processes
• Process Checks
• Documents and Records
• Controlling Outsourced Processes.
• Supplier Evaluation Criteria.
• ISO 14001:2015
• ISO 45001:2018
• For auditors:

Do you have detailed plans for the production and provision of your products and services? I hope so! Have those plans been effectively implemented and monitored for effectiveness? Have you a process for controlling production or service provision that is provided by external resources? Are your plans linked to, and driven by any quality objectives? Are internal audits and inspections a part of your planning and control processes? These are all important, key questions that a 3^rd-party auditor is likely to ask and you will be expected to provide evidence to substantiate your answers.

You should have already performed a great deal of planning as per the requirements of clause 6. At the planning stage, you are required to consider both risks and opportunities and these are key inputs to the planning and control of operations. Clause 6.3 planning of changes will also be a key input into the planning for operations. For example, you currently produce a type of disposable wipe that has a plastic content. Anticipating the societal (and potentially legal) need to protect the environment, you have made plans to change the materials used in production to 100% natural products.

Have you made plans to control externally provided products and services? For example, the packaging that holds the disposable wipes is provided externally. Upon investigation, you have found that waste inks from the production process are potentially toxic to the environment. Have you made plans for the safe disposal of this waste product in cooperation with the service provider? We will discuss the requirements for controlling external service providers in more detail when discussing clause 8.4.

The Planning Stages

Based on what we have discussed so far, one can see that the output from this planning will be a set of criteria for the production and delivery of goods and services. Your organisation must implement controls that ensure:

• All planning and design criteria are met;
• All intended outputs meet design criteria and customer requirements;
• Opportunities for improvement are identified.
  
  

The requirements of clause 4.4 QMS and its processes are essentially a high-level equivalent of the requirements of clause 8.1. Clause 4.4 contains the umbrella requirements for all processes whereas clause 8.1 (and all of its sub-clauses) are more specifically focused on the production of products and services. If you have met the requirements of clause 4.4 then you will have satisfied the requirements of clause 8.1

8.1 (a) Requirements for products and services.

This is all about establishing clear lines of communication between your organisation and the customer regarding the requirements for products and services. You are establishing with the customer the exact details of their needs. Miscommunication at this stage could be very costly and so it is vitally important to have a robust process in place. Customer requirements flow through to the design of products and services and are controlled by the following clauses:

8.2.2 Determining the requirements for products and services; these are the specifications for products and services that you are communicating with the customer at this early stage.

8.3 Design and development of products and services; these are the technical design specifications and planning for products and services established by your organisation.

Criteria For Processes

8.1 (b) Criteria for processes

The output criteria from all of the planning activities will be used as the inputs to the operations of your organisation. Criteria for processes has already been discussed in clause 4.4(c) ‘Determine and apply the criteria and methods and this is a repeat of that clause requirement. Criteria are the controls placed upon the processes to ensure that they operate as planned, for example, criteria might include:

• Work instructions
• Hazard identification
• Safety and environmental controls
• Design specifications
• Quality objectives
• Inspections and testing
• Resource requirements
• Training
• Continuous improvement
• Customer communications
• Control of externally provided products and services
• Purchasing
• Delivery
  
  

Process Checks

8.1(b,2) The acceptance of products and services.

If the first you know about a product or service defect is when receiving a customer complaint then you are taking a dangerous ‘reactive’ approach. Ensuring that a product or service meets its design specifications should involve checks at various stages of its life cycle. You can break the product life-cycle down to any number of stages and perform checks at each stage. The more checks you make during the production or service delivery stage the better.

A simple 3-stage check would include:

• Purchasing, materials and design; checks are made to ensure the correct materials are purchased and in the correct quantities. Final checks on the design specifications for products and services are made before the beginning of production or service delivery.
• Process production; checks could include checks for weight, size, shape, colour, strength and temperature etc.
• Final inspection; the last point of call for inspection checks to ensure that physical items meet all design specifications according to those agreed with the customer before the goods are shipped. For services, at the point of first delivery communication and feedback with the customer is where checks for service conformity is made.
  
  

8.1(c) Determining the resources needed for conformity.

We discussed the management systems requirements for resources back in clause 7.1.1 however, the determination of resources here is specifically focused upon the resources required for product production or service delivery. Clause 4.4.1(d) made the same requirement for you to determine the resources for your processes and to ensure that they are made available. The clause 4.4.1 requirement is more general and refers to the management system in general. I think it makes more sense to satisfy the resource requirements at this clause as it is more closely related to product production or service delivery.

8.1(d) Control of the processes against criteria.

These controls might be machine automated such as laser scanning devices or inspections performed by human operators. Controls such as visual inspections should be built into processes and work instruction routines. Operators will require training to ensure that inspections are made according to criteria. Controls are also required to ensure that any required inspections have been performed. For high-risk production items such as those produced for medical use or for aviation, inspection and testing against criteria is critical and should be very tightly controlled.

Documents and Records

8.1(e) Determining, maintaining and retaining documented.

Your organisation determines what documents and records are important to maintain and retain as part of your production and service delivery. Again, thinking about the product or service delivery in terms of its life-cycle is useful here.

Retention of records might include:

• Purchase orders
• Materials checks
• Customer communications
• Design specifications
• Contract agreements
• Machine checks
• Inspection checks
• Final release inspection checks

Documents to maintain could include:

• Process criteria
• Standard operating procedures
• Inspection criteria
• Risk assessments
• Communication procedures
• Error reporting processes
• Emergency processes
  
  

The documents that you maintain and retain will depend upon the context of your organisation and your product or service delivery activities. It’s never a good idea to create and keep unnecessary paperwork just for the sake of trying to impress 3-rd party auditors. Just create and keep what you consider important and essential.

The output of planning.

The output of your planning will be the tangible results of work you performed at many of the clauses so far including; 4.1(context), 4.2(interested parties), 4.4(process planning), 6.2(objectives),6.3 (planning for change) 7.1(resources), 7.2(competence), 7.4(communications), 7.5(documented information), 8.4(control of external resources). I could add more to the list but I think you get the idea. If an auditor asked to see the results of your planning, just produce the output of some or all of these clause requirements.

Controlling change.

There is mention near the bottom of clause 8.1 about the control of both planned and unintended change. Controlled change was discussed in detail in clause 6.3 and for information on that subject read that article. Unplanned changes are will be discussed in clause 8.5.1.

Controlling Outsourced Processes.

An external provider or contractor is referred to as a supplier, e.g., any provider of training, transport, design, assembly, materials that are part of your product or service delivery. It makes sense that all externally provided products or services require control to ensure that your organisation’s finished product or service will conform to the design specifications and customer requirements.

External suppliers are normally vetted against a set of approved supplier criteria. Part of that criteria might include that they are certified to ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018. In fact, it’s quite common that unless an organisation can claim certification against these standards, the bidding process for supplier contracts will be closed to them. The selection of external suppliers can be performed by the use of self-assessment questionnaires, 2^nd-part audits of their management systems, site visits and inspections, and the review of feedback from verified customers. Selection criteria for external suppliers must be documented and their final approval must be authorised by top management.

Supplier Evaluation Criteria.

Criteria are attributes and strengths that your organisation deems important and will guarantee the service provider of a potential supplier. It’s worth mentioning when considering the services of an external supplier, the concept of a risk-based approach should be adopted. If the external supplier is providing products or services to be used in a potentially high-risk environment, then a far more stringent set of selection criteria should be applied.

In general, there are approximately eight common criteria applied to the selection process including:

• Cost; if the service provider is for a low-risk environment or production process, then the lowest bid might be a consideration.
• Quality, safety and environmental management; as mentioned earlier, certification to the standards that control these issues might be a prerequisite of the bidding process.
• Deliver; does the potential supplier have a proven track record of delivering their goods or services on time?
• Service; can the potential supplier guarantee their terms of service delivery such as time scales, quantities, maintenance, customer service and price etc?
• Social responsibility; does the potential supplier have policies that promote the well-being of society and the environment while reducing negative impacts on them?
• Convenience/Simplicity; is the potential supplier going to be convenient to deal with? Are they located geographically in a convenient place and do they have simple, uncomplicated business processes?
• Risk; does the potential supplier pose a risk if their business fails? What level of risk would this incur to your organisation?
• Agility; does the potential supplier have the ability to deliver a broad range of high-quality products and services with short delivery times and varying amounts while providing enhanced value to your organisation’s requirements?
  
  

Your organisation’s supplier criteria selection requirements might be similar to this list or completely different. There are no rules, and what works for one organisation might be very different to what works for others. One of the main determining factors will be risk, and shortly followed by price. Once you have a list of criteria it’s a good idea to arrange it into some form of a hierarchy of importance. Then, assign a points value to each item in the list so that an overall points score can be used to assess potential suppliers against one another.

ISO 14001:2015

Consistent with a life cycle perspective, the organisation shall:

8.1(a) Create controls that ensure environmental requirements for products and services are addressed during each stage of the life cycle process; this is essentially the same as for ISO 9001:2015 but with the emphasis on environmental controls such as noise emission, releases to air, releases to ground substrate and water tables at each stage of the product or service life cycle. Beginning with procurement through to production and finishing with the final disposal of the product or service delivery.

8.1(b) Determine the environmental requirements for the procurement of products or services; are you purchasing materials from locations that result in a high carbon footprint during delivery? Are you delivering a service that relies on carbon powered vehicles when an electric alternative could be justified financially?

8.1(c) Communicate relevant environmental requirements to external providers; do you have a policy that dictates that all power tools used on site are to be battery powered? Do you have a re-use and recycle policy and are have you communicated these requirements to your external providers?

8.1(d) Provide information about transportation, end-of-life treatment and final disposal of products and services; do you have a policy regarding how and when products are sent to landfills? If you provide a food delivery service, are you instructing the end-user on how to dispose of the packaging?

You are required to maintain records that the processes have been performed according to the criteria

.

ISO 45001:2018

The requirement remains the same as for ISO 9001:2015 except for part (d):

8.1.1(d) Adapting work to workers; this includes defining or redefining how work is organised, the induction of new workers, defining work processes and working environments and designing ergonomic workspaces.

For auditors:

• Check that processes for production and service provision exist.
• Check that criteria for the processes have been established.
• Check that work instructions have been designed according to the process criteria.
• Check that work instruction and criteria have been communicated and trained out.
• Check that process or service validation and inspections exist and have been completed.
• Check the process for non-conforming products or service that exists and has been effectively applied.
• Check for links between the planning stage of 6.1 and the operations 8.1 that exists and has been applied.
• Check the internal audit records for clause 8.1 to identify if any non-conformances exist and how they were fixed with corrective actions.
• Check that life cycle environmental concerns have been discussed and improvements have been made where possible.
• Check that environmental/safety requirements have been communicated to external suppliers.
• Check that roles, responsibilities and authorities have been assigned concerning process and production control.
• Check the availability of appropriate resources concerning production and service delivery.
  
  

Questions that I’ll answer in future articles:

• What is operational planning and control?
• What is an example of operational planning?
• What are the 7 things an operational plan should contain?
• What is the purpose of operational planning?
• What are the five key components of an operational plan?