Clause 8.2.3 Review of Requirements for Products and Services (secrets)

By

Table of Contents

I’ve mentioned the concept of a risk-based approach in many of the chapters so far. This concept was one of the major changes that were implemented in the new ISO 9001:2015 version of the standard. Performing a review of the requirements for products and services prior to production or release is simply a risk reduction strategy. It wouldn’t be a good idea to simply assume all of the order details are correct prior to production as I’m sure you would agree.

Producing products or services, and releasing them without checking against the order specifications would be a very costly exercise. Does this happen in industry? You bet it does as my earlier example of the steel doors illustrates. This process requires strict controls with clearly defined roles, responsibilities and authorities. Should mistakes occur at this stage caused by human error, I should imagine a few heads would roll as a consequence. Robust training and communication strategies and practices are key in this area.

Order acceptance and review can be the task of a human or a computer-generated process. It is beyond the scope of this writing to discuss specific software systems that perform this task. However, even with computer-controlled processes, there is often a human element required to perform final checks. Do computer-driven systems fail? There is an easy answer to that question; have your online purchases from stores such as Amazon or your local supermarket ever failed to deliver the correct item? The auditing, management review and corrective actions processes are all tools for continual improvements and should be deployed when this happens.

What Do We Need To Review?

8.2.3.1 Your organisation shall conduct a review of:

(a) Customer requirements, delivery and post deliver; customer requirements could include:

  • Amounts
  • Specifications
  • Price
  • Delivery instructions
  • Guarantees
  • Certifications
  • Payment instructions

What Are Post-Delivery Requirements?

Post-delivery requirements could include:

  • Installation activities
  • Testing activities
  • Training requirements
  • Service and maintenance requirements
  • Warranties
  • Customer support agreements
  • Recycling instructions
  • Safety instructions

False Promises

(b) If implied requirements can be met; the product or service should be able to meet the customer’s expectations according to your sales, advertising and agreed contract details. I mentioned in an earlier chapter, about the dangers of making unachievable promises in order to win a bidding process for a contract agreement. For example, are you stating that your ‘widget’ will guarantee a time saving of 2-hours? Or that your transportation and delivery of goods is guaranteed ‘next-day’ delivery? Get these promises wrong and the advertising standards agency might be contacting you or you will suffer penalties for a breach of contract. Use internal audits and testing for compliance and product or service conformity.

(c) Requirements specified by your organisation; this refers to the things that are not specifically requested by the customer but are required by your internal processes or quality standards. These are the items that your organisation has decided that the product or service should meet and might include:

  • Product/service verification and validation checks; we’ll discuss more on the subject at clause 8.3.4.
  • Customer service benefits such as installation and usage advice.
  • A ‘thank you for your custom’ greetings type card or flowers.
  • A discount on your next purchase order.
  • A discount for introducing family or friends to the product or service.
  • Discounts for bulk purchases.
  • Extended guarantees for early adopters.
  • Free fitting
  • Free collection and disposal of an existing product e.g., the old washing machine or carpet etc.

What Are The Legal Implications?

(d) Statutory and regulatory requirements; as mentioned earlier, some products or services are governed by laws such as health and safety, data protection, fire or environmental standards. Other products and services are governed by regulations such as the display of CE marking and labelling representation etc. This subject comes under the topic of legal compliance and is linked to the requirements of clause 6.1 ‘Actions to Address Risks’. As I’ve mentioned in an earlier chapter, many organisations outsource this function to those who can supply specialist advice. The result of this advice is usually entered into your management system as a ‘risk register’ although you can refer to it by any name. For 3rd-party audit purposes, be sure that you can demonstrate compliance to the items listed in the register by producing risk assessments, environmental controls, CE marking, correct labelling and verification and validation checks.

(e) Contract or order changes; what happens when the customer’s requirements change? Do you have an effective process implemented that records and communicates those changes with all interested parties? Customer requirements can often change, and these changes might include:

  • Quantities
  • Specifications
  • Delivery requirements

There may be differences existing in the contract agreement, product specification and production plan details. This can be caused by miscommunication, competing software processes or human error. When mistakes are identified or a customer requests a change to the specifications for a product or service, do you have an effective process to manage change?

Internet-Based Systems

Determining and reviewing customers’ requirements have become increasingly automated processes due to the internet. I’ve not been able to find any research that might suggest there are more errors using internet-based systems when compared to orders that are largely controlled by human processes. Whichever type of system you use, the adage of check, check and check again holds true. Even with the best of effort, systems will occasionally fail and customers will receive incorrect products or services. Those organisations that correct any failures quickly and effectively are the ones who are likely to keep their existing customers.

Developing an operating culture that adopts a risk-based approach across all areas of the organisation is what ISO 9001:2015 is trying to promote. This type of culture is simply encouraging you to ask the question ‘What if’ in as many different activities and processes as you can. When determining and reviewing the requirements for products and services, a risk-based approach is essential.

8.2.3.4 Changes to Requirements for Products and Services

After all of the complications involved in ensuring that the order specifications for products and services are correct, the customers can often change their minds. That’s ok, it’s perfectly reasonable for them to change their minds, but hopefully it happens before production or service delivery has begun. To protect yourself, you need to have agreements built into the work order and contract that specifies a final date where alterations can be made.

You must have an effective process for communicating the changes out to all interested parties. If you fail to do this, mistakes could be very costly. Remember my earlier example of the steel doors, the product recall resulted in a modification cost of £200.000. Tight process control and roles, responsibilities and authorities are the ways to protect yourself against these kinds of errors.

ISO 14001:2015

There is no similar requirement

ISO 45001:2018

There is no similar requirement

For auditors:

  • Check there is a process for reviewing requirements for products and services.
  • Check roles, responsibilities and authorities in relation to the process.
  • Check for training and communication of the process.
  • Check how any errors in the process were corrected.
  • Check if corrective actions contributed to continual improvement of the management system.

Other questions I will answer in future articles:

  • How do you review customer requirements?
  • What are service requirements?
  • What system is designed to ensure that customer requirements for quality are met?
  • Who is responsible for the review of products and services?
  • How do we correct mistakes to the delivery of products and services?
  • How do we check for changes to products and services?

References: 

  • www.iso.org
  • ISO 9000:2015
  • ISO 9002:2015
  • ISO 14001:2015
  • ISO 45001:2018

Please be kind, share and create a link back to this article.

(c) All content is copyrighted to ISO Training UK – All rights reserved 2022.

Author Bio

Paul Ingram has over 15 years of experience working in quality, health and safety and environmental management. Specialising as a trainer, he has provided training to thousands of delegates for small and multi-national businesses across the globe. A specialist in management system training and able to design and deliver courses for ISO 9001, 45001 & 14001. This includes implementation, Introduction, Internal Auditor, Lead Auditor, Remote Auditing, Management Brief and many more. For more information about booking a course visit: ISO Training & Consultancy

Category: ISO 9001 Requirements 
Tags: #iso 9001 basics#iso 9001 beginner,#iso 9001,#how to begin iso 9001,#iso 9001 quality management system,#how to start implementing iso 9001,#how to begin iso 9001 quality training,#5 steps to begin iso 9001:2015,#consulting firm,#quality assurance,#quality management how to start,#quality management,#easy way to understand qms ratio,#training,quality management system,#quality management systems,#starting quality management#training course,#learning styles,#train the trainer#isotrainingcourse#internalauditortraining#leadauditortraining

You cannot copy content of this page