Clause 8.2.2 Determining the Requirements for Products and Services

Table of Contents

• Statutory and regulatory requirements;
• Requirements of Your Organisation
• Meeting the claims for products and services
• Documents and Records.
• For Auditors:

So, you want to order one of our widgets, or maybe you want us to design a new widget for you. How many do you want? What size, shape, colour, weight or surface finish do you want? When do you want them delivered? Negotiating these details and recording the results in design specifications and order contracts is the bases of this clause requirement.

Who is responsible for this process? Have roles, responsibilities and authorities been defined? Is there a dedicated department for determining customer requirements? What is the information flow between order intake and production design departments? Are your orders negotiated and received utilizing a telephone conversation, internet order forms or a combination of both? Do you have a process for checking the order details are correct before the start of production?

Most of this is common sense and standard business practice and yet, errors do happen. To avoid this, one has to examine each of the various processes and try to identify any possible weak points. So far as determining the requirements for products and services, you are primarily looking for breaks in information flow, faults in form capture and human error. When examining your processes, try also to build checkpoints that will occur immediately after any identified areas of possible weak points. Peroforming these actions can only lead to continual improvement.

Once everything has been checked and verified as correct, order details are finalised onto an order plan and production schedule. Contracts are signed and the production run can begin. ISO 9001:2015 8.2.2 requires that the organisation will define the requirements for products and services and also be able to meet their claims for products and services. Your organisation shall ensure that:

8.2.2(a) Requirements for products and services are defined; are your customers asking you to design and deliver a completely new product or are they ordering something that you already manufacture and sell. Alternatively, they might be wanting to order one of your existing products but with bespoke design modifications for example; an item of PPE with bespoke branding modification. Just be certain that all of the customer’s requirements are captured, recorded and verified (more than once) before the production run begins or items are packed and delivered.

Statutory and regulatory requirements;

(1) Statutory and regulatory requirements; Statutory compliance refers to laws that are made by a government and are enforced by the government that your business or facility must adhere to. Statutory laws tend to be static and don’t often change except in the form of amendments.

The difference between regulatory and statutory compliance comes from who enforces the laws. Regulatory laws are not enforced by the government but by a regulatory body appointed by the government. Examples of statutory requirements include things like copyright and trademark protection. Regulatory requirements derive from regulations, which have been put in place by government agencies such as the HSE or the Environment Agency.

Most organisations maintain a list of regulations and statutes that apply to them and have a process to ensure that it’s kept up to date. It is often referred to as a legal register but you can call it whatever you like. I should also mention that a great many organisations outsource this legal function. Some businesses will create a profile of your organisation and supply you with a register of applicable statutes and regulations that apply to you. As part of the service that you pay for, they will contact you in the event of a change or update to any statute or regulation.

A 3rd-party auditor may ask you how you are meeting the requirements of your register. You can point them to your risk assessments, environmental process controls, application of CE marking or materials standards etc.

Just a quick note, I’m reminded of something that I draw attention to when talking about this subject during course delivery; we ‘conform’ to the requirements of a standard such as ISO 9001:2015 but we ‘comply’ to the requirements of the law. Nobody is going to lock you up for non-conformance to an ISO 9001:2015 requirement but you could receive a prison sentence for non-compliance to a legal requirement such as drink-driving etc.

Are you a multinational organisation that buys, sells, designs, produces or distributes products in other countries? If so, then be sure to check what statutes and/or regulations applicable to you within that country. Again, this is specialist legal advice and many organisations outsource this function to those businesses who can supply this type of information. Getting it wrong and breaking a law could end up being very costly when compared to buying the correct advice.

Requirements of Your Organisation

I’m sure that your organisation has its own standards of operation that describe the way in which you want to do business with customers and the outside world. These internal standards are not something the customer has specifically requested, but they may well be expecting them as a minimum on a subconscious level. These standards might include:

• Name badges and uniforms; service type industries where workmen are performing a manual task are often required by your organisation to wear a provided uniform bearing the corporate logo. It is also standard practice for a workman to be wearing a name badge that identifies and links him/her to the service provider.
  
  

I was once in the position of HSEQ manager to a multi maintenance service provider. Part of the business was to provide window cleaning services to hotels and commercial units. We had a monthly window cleaning contract to a very large 4-star hotel. On a hot summer’s day, the 3-staff who arrived to begin the clean decided to remove their uniform above the waist and work bare-chested. It transpired that certain hotel guests complained about this, and even though it was a single incident, we lost the contract.

• Office attire; business style dress for women, suit and tie for men and dress-down Fridays – you get the idea.
• Cleanliness; have you ever been in a shop or department store where an operative you converse with is suffering from unpleasant body odour? Being in a manager’s position and having to discuss this can’t be an easy thing. You can make it easier by providing clear instructions during staff induction.
• Professionalism; do you have policies that prohibit the use of expletives in the workplace? How are you applying the best practices of the ‘Me Too’ movement? What was once socially acceptable on a building site might not be any more. The advent of social media has influenced and changed what is now considered acceptable behaviour, are you keeping up with the times?
• Workplace etiquette; are you treating all of your colleagues at work with the same amount of respect? Do you have a policy that describes this and has it been trained out and applied effectively? Are you treating your foreign workforce with the equal amount of respect and etiquette as your native workforce?
• Product release; do you maintain tight standards of tolerance before product release? For example; if a liquid product has a guaranteed weight of 500ml, would you release it to the customer at a tested weight of 497.5ml? The legal requirement might state that a tolerance of 10ml on either side is acceptable but your internal standard is a guaranteed weight of 500ml. You are doing this because of your organisation’s personal pride in their work and finished product.
• Incentives; you might provide a paid-day off work on a worker’s birthday, enumeration for the best hazard reduction idea submitted during the month or an annual prize based upon personal output etc.
  
  

These requirements and many more are not provided by the customer; they are your own organisation’s internal requirements and ways of running its business. Organisations may list some of these items and others on their website under the heading of ‘A great place to work’. Be careful that you can deliver what you preach. I’ve worked in many environments that were described this way but were anything but a great place to work. These kinds of promises can and should be backed up by measurable performance objectives.

Meeting the claims for products and services

(b) Meeting the claims for products and services; are you able to meet that 2-day delivery guarantee deadline? Will the product last for the full amount of time as per your advertised claims? Will the product work according to your claims and advertising media? Will your service perform on time, every time as per the requirements of the contract?

Don’t set yourself up for failure by making claims that you will not be able to deliver. This sounds like common sense but when you are bidding for contracts it’s easy to get carried away and make guarantees that will fail. The consequences of doing this will be quickly announced on platforms such as Trustpilot and similar social media. Businesses these days can live or die on their public feedback and making bogus or accidental claims regarding your product or service could be disastrous. Do you really need to take such risk?

ISO 10001:2018 Quality management — Customer satisfaction — Guidelines for codes of conduct for organizations provides advice about codes of conduct, which is related to the making of claims.

Documents and Records.

There are no specific requirements for you to maintain or retain documented information for clause 8.2.2. However, I’m certain that you will be maintaining processes for customer requirements in the form of order sheets, product specifications, production plans and contracts etc. In an ideal world all of this information might be captured in a single form however, this is rarely the case. As always, try to keep paperwork to a minimum and as integrated as possible. When capturing the customer’s requirements for a product or service, check, re-check and then check again!

ISO 14001:2015

There is no similar requirement.

ISO 45001:2018

There is no similar requirement.

For Auditors:

• Check for a process that controls the capture of customer requirements for products and services.
• Check the flow of information from customer orders to final verification checks before delivery.
• Check roles, responsibilities and authorities concerning the process.
• Check for non-conformances against the process and how any corrective actions might have contributed towards continual improvement.
• Check how applicable statutory and regulatory requirements are being applied.
• Where possible, test a claim against a product or service eg; if a scent is guaranteed to last for 4 hours, perform a test.

Other Questions I will Answer in Future Articles:

• How do you determine the requirements for products and services?
• What is a service requirement?
• How do you review customer requirements?
• What are the two types of customer requirements?
• What do service level requirements represent?
• What are the basic requirements of a new product?