Clause 8.3 Design and Development of Products and Services

Table of Contents

Do you perform any sort of design function? Many organisations declare that this clause requirement does not apply to them as they outsource their design requirements. As a 3rd-party auditor, I came across this quite often, but a closer look at their activities would reveal this was not completely true. There may be many occasions where design is performed by an organisation whiteout them realising it qualifies as such.

Design activities can often be hidden, examples might include:

  • Do you produce a unique product or service or have you modified something that already exists?
  • Do you perform part of a design function however small that might be?
  • Do you accept a rough idea from a customer and then develop it into a finished product or service?
  • Are your products or services altered to make them more bespoke for individual customer requirements?
  • Are you delivering services to internal customers that involve design?
  • Are you designing delivery routes, maintenance routines or safe systems of work?

As you can see from these examples, design functions can sometimes be hidden, and not so obvious. For the delivery of a product or service that begins with the initial conception, there will be a detailed project management function that incorporates design. Clause 8.3 and its sub-clauses are essentially a guide to the steps that are completed according to project management.

8.3.2 Design and Development Planning

This comprises all the component parts of the project management process and is often referred to as the project plan. Project plans can be as simple as planning for a new T-shirt design or as complex as that required for deep-sea drilling for oil. Even with highly complex project plans, the best approach is to try and break the project down into simple steps and also keep the paperwork to a minimum. There are specialist software tools such as Microsoft Project, Adobe Workfront or TeamGantt etc. These tools allow for a centralised collaborative working environment where documents can have group access properties assigned to them.

Project planning should be made as simple as possible because the more complex it becomes, the more opportunities there are for things to go wrong. One of the most common causes of project management errors is; poor communications and a lack of roles, responsibilities and authorities being clearly defined. All project management will include:

  • Time scales and deadlines for completion; are often broken down into weekly goals and targets with assigned responsibilities.
  • Budget planning; where the total cost for the project is estimated.
  • Design stages and goals; are specific parts of the project plan that must be completed, usually in a specific sequence. This is sometimes referred to as a work breakdown structure.
  • Roles, responsibilities and authorities; will have to be clearly defined and communicated to all interested parties.
  • Resources; a complete inventory of the resources required to complete the project will be made. Top management will need to ensure that all the required resources will be made available at the time they are needed.
  • Risk planning; is where each of the project processes and tasks is studied to identify possible risk points of failure.
  • Quality management plan; a quality management plan is required to measure and control the quality of the work being done at each stage.
  • Verification and validation; are the design outputs matching the input requirements? Are you testing that a product or service actually works and performs according to the customer’s requirements? Are customers required to assist in this function?
  • Safety and environmental issues: risk assessments, safe systems of work and method statements etc.
  • Documented information; can be paper-based or in a purely electronic format. Plan for all documents that are required to be maintained and retained, especially legal documents for regulators etc.

For simple projects, the use of an excel spreadsheet may be all that is required and can be shared through Google Docs or similar. For more complex projects, I would certainly take advantage of one of the many project management solutions mentioned earlier. If performing slight variations to a product or service design, existing project plans can be repurposed to save time.

8.3.3 Design and Development Inputs

These describe the characteristics of the product or service, the requirements from the customer regarding their specifications and the intended use for a product or service. The input requirements need to be clear, precise, documented and verified with all interested parties. ISO 9001:2015 details 5 input requirements of importance:

  • Function and performance; examples include pages per minute for a printer, the temperature of light from a bulb, the spin speed of a washing machine, the time required to clean an office or the delivery time of a food order etc. These are requirements of the customer, your organisation or the consumer market in general.
  • Previous design information; have you performed a similar design previously? Can you re-use machines, processes, designs and skills on a new project? What lessons did you learn from a previous project that might save you money and time or having to retrain staff?
  • Statutory and regulatory requirements; have these been considered and built into the input requirements for the project plan? Items might include safety and environment regulations, CE marking and labelling requirements, hygiene requirements if handling food during deliveries and recycling or disposal requirements.
  • Codes of practice; are standards such as guaranteed delivery times, using responsibly sourced materials or free returns etc. They are not statutes or regulations, but standards and codes of practice that your organisation has declared as important parts of their service or product delivery.
  • Product or service failure; has your food order arrived late and was it cold? Does your vacuum fail to remove pet hair contrary to advertised? Has there been an accident due to poor safety hazard identification and control? Risk planning is also an input to project planning and management. You are being asked to plan for contingencies when things go wrong.

Design inputs should be discussed, documented and communicated to all interested parties. Verification of all design inputs should be performed to ensure their accuracy. Discussions might also include topics such as the kaizen business model and lean six sigma techniques for cost and time savings etc. The retention of the documentation might include customer requirements and communications, design drawings, risk planning, budget planning, resource specifications, safety/environmental risk assessments and the minutes of meetings etc.

8.3.4 Design and Development Controls

So, you have all of your design inputs verified and finalised but how sure are you that all of your development and control activities will be implemented and controlled defectively according to the project plans? In reality, design review, verification and validation are all separate activities that are performed at various stages of the project plan. Verification and reviews can be required many times at various stages of development and production. ISO 9001:2015 describes the various activities for design and development as follows:

  • Customer requirements and final outputs are communicated; all interested parties are to be made aware of the customer’s requirements and the specifications and functionality of the final product or service. Although this might seem obvious, there may be occasions where new employees or temporary staff have not been trained on customer requirements and final specifications for products or services.
  • Reviews to design; as mentioned earlier, design reviews should be completed and verified with the customer before being signed off as final. There may be customer requirements that are unnecessary or unrealistic that need to be discussed and reviewed. Management review meetings can be captured as a record of a design review. Or a simple design review form completed by a customer could also be used. Design review is a way to confirm that everything can be achieved according to the customers’ requirements. Design reviews can include many departments and should also include the customer.
  • Validation and verification; these activities are performed to ensure that the product or services perform to the design specifications and customer requirements. Product testing and market surveys are common strategies used in validation. Different degrees of validation is required for product types. Pharmaceutical products might undergo a 10-year rigorous testing regime on the grounds of safety. A photocopy machine being tested for pages per minute will require far-less stringent testing methods.

Product verification might include many topics such as:

  • Legal requirements such as CE marking, labelling, the safety of use
  • Attributes such as size, shape, weight and colour
  • Performance checks such as the spin speed of a washing machine
  • Meeting customer requirements and/or the claims as advertised.
  • Non-conforming products or services; where problems are identified during any stage of the project plan including verification and validation, corrective actions are designed and implemented. Don’t forget to update the management system where necessary in terms of the continual improvement process.
  • Documented information requirements; documents to be maintained and retained might include minutes of meetings, inspection and test reports, customer communications, task descriptions and risk assessments etc.

8.3.5 Design and development Outputs

The outputs from design and development serve to provide all of the information for the production stages of products and services. Your organisation has decided that everything has been finalised and verified as correct with the customer, and now it can begin the production of the product or the delivery of a service. The design outputs should be clear, precise and non-ambiguous so that all parties who receive them are able to begin production or service delivery without further checks. Design outputs might include items such as product specifications, resource requirements, safety/environmental requirements, labelling and packaging requirements and transport requirements etc.

ISO 9001:2015 describes four parts to design and development outputs consisting of:

  • Consistency; all design and development outputs should be consistent with the input requirements as required by the customer and the considerations of everything mentioned at clause 8.3.3.
  • Sufficient; are the design outputs sufficient enough to ensure that the various interest parties and departments that receive them will be able to perform their required production tasks? Are the outputs communicated in a clear and concise language that will be understood without error?
  • Acceptance criteria; might include items such as verification and validation requirements, operating instructions for production processes, criteria for externally provided products and services, health, safety and environmental requirements and any legal and/or regulatory requirements.
  • Service characteristics include providing end-users of a product or service with instructions on the safe use of the product or service such as the safe use of a power tool or how to store food safely etc.

ISO 9001:2015 then requires that you retain records of design and development outputs. These records might include items including:

  • Drawings, product specifications, material specifications, test requirements, quality plans.
  • Process production specifications, production equipment requirements.
  • Calculations and construction plans.
  • Architects plans and technical drawings.
  • Graphic designs used for marketing etc.

Be sure that all records resulting from design and development outputs are entered into the management system and controlled for version and revision history etc.

8.3.6 Design and Development Changes

Even the best of plans resulting from the design and development processes will often require a change or modification. This clause requires any changes are to be made in a controlled manner and that the management system documentation is updated as appropriate. Changes can often affect other processes such as purchasing, materials selection or end-user instructions. Changes can happen during any stage of the production or implementation of a product or service including:

  • During a review of the design and development outputs.
  • After the inspection of a product or service prototype.
  • During the product production process stages.
  • After the initial implementation of a service.
  • After new customer requirements.
  • After verification and validation activities.

ISO 9001:2015 is quite specific about the required documentation that you should retain that details the changes including:

  1. Design changes; changes to the specifications for the product or service eg: shape, colour, weight or delivery times etc.
  2. Review outputs; this might include customer reviews, verification and validation checks, instructions from regulators or market requirements.
  3. Authorisation; who authorised the change? Was it the customer someone internal as part of the production process? If internal, do they have the correct roles, responsibilities and authority to do this?
  4. Adverse impacts; will a change in design and development or the production process affect other processes? Changes at the design and development stages might affect purchasing and materials choices. Changes during production or service implementation might affect another process in terms of time delays and cash flows etc.

ISO 14001:2015

There is no similar requirement.

ISO 45001:2018

There is no similar requirement.

For auditors:

  • Check for a design and development planning process.
  • Check for a review of the design and development process.
  • Check that changes to design and development are performed in a controlled manner.
  • Check the roles, responsibilities and authorities relating to the design and development processes are clearly defined.
  • Check for any non-conformances in the processes and if any corrective actions led to the continual improvement process.

Other questions that I will answer in future articles:

  • What is a design and development plan?
  • What activities are included in design verification?
  • What are externally provided processes?
  • What is an ISO designer?
  • What should be included in a design and development plan?

References: 

  • www.iso.org
  • ISO 9000:2015
  • ISO 9002:2015
  • ISO 14001:2015
  • ISO 45001:2018

Please be kind, share and create a link back to this article.

(c) All content is copyrighted to ISO Training UK – All rights reserved 2022.

Author Bio

Paul Ingram has over 15 years of experience working in quality, health and safety and environmental management. Specialising as a trainer, he has provided training to thousands of delegates for small and multi-national businesses across the globe. A specialist in management system training and able to design and deliver courses for ISO 9001, 45001 & 14001. This includes implementation, Introduction, Internal Auditor, Lead Auditor, Remote Auditing, Management Brief and many more. For more information about booking a course visit: ISO Training & Consultancy

You cannot copy content of this page