QMS Guidance Pt. 9 – ISO 9001 Clauses 8.6 & 8.7
So to recap Clause 8 so far;
- We have a high-level plan to implement the processes identified in Clause 4.4
- We’ve communicated with the customer about what their needs are, reviewed them and confirmed that we can actual deliver on them
- Where necessary we’ve gone through a design process where we formulated a master plan and if required a unique plan where we’ve fully understood the customer needs of the product or service, what the regulatory and statutory implications are and whats going to happen if changes become necessary
- Then we looked at how we purchase goods and services that’ll be included in what we deliver to our customer and decided how that process is going to be controlled bearing in mind the complexity involved
- And finally we’ve done what we set out to do in a controlled fashion, ensuring everything of importance is traceable so any post delivery requirements can be dealt with properly and included a plan for what we’re going to do if there’s a change required
And finally for Clause 8 we’re at the point of deciding what to do once we’ve got finished products and services. We either 8.6 Release the products and services or decide that actually 8.7 Control non-conforming outputs is what we need to accomplish.
Clause 8.6 Release of Products and Services asks that you have a plan to control and verify the products and services have met requirements before release of products and services. What this actually means is further reaching than the short paragraph suggests. The standard is asking you to go through the planned arrangements and ensure all aspects have been met.
If you can take yourself back to Clause 5.1 where I introduced the concept of the internal customer, and Clause 4.4 where you mapped the QMS processes involved, this is where it pays to have understood and planned for the concept of internal customer because this clause is best met by treating each part of the process as an internal customer before final release to the paying customer.
Not only that but the standard requires you to keep documented information on the release of products and services which should include evidence of conformity and traceability to the person signing-off on them.
Although the standard doesn’t require it to be documented, as a consultant I advise that where release is approved where planned requirements haven’t been met that this is in fact documented with the person authorising (or in most cases instructing from my own experience) signing-off on the release. This might be just a part of the process that doesn’t meet muster, or it could be the finished product. Either way its important to know the time-line and who signed-off, especially if it was the customer, you may need to rely on the information at a later date.
Its not quite inevitable (and if you follow my advice as a consultant on how to build your QMS it becomes less likely) but from time-to-time things go wrong and you end-up with non-conforming product and Clause 8.7 Control of Non-Conforming Product informs the QMS on how to deal with them.
The standard once again is lite on the detail, it requires you to identify non-conforming products, prevent delivery and take some action. The standard provides a bullet list of options none of which are mandatory, you just have to consider them and pick one or more and if appropriate and possibly come up with a creative solution of your own as well. But, what it does require you to do is verify when non-conforming outputs are corrected, so when auditing if the non-conforming product hasn’t been corrected you wont find any validation for a correction. Again no prescriptive method is provided, its up to you to decide on what’s appropriate.
In addition to correcting the non-conforming output there is an option to obtain a concession (8.6 inferred a concession, 8.7.1.d formalises the option). Acceptance of a concession request by the customer is inferred but the standard is written in such a way as to allow the customer to be excluded. I wouldn’t ever advise this course of action per se, the paying customer should be consulted for best practice to prevail. However, the standard does allow the concepts of risk and opportunity to be evaluated and the organisation may well choose that release of non-conforming product is the most appropriate course of action and take the risk. The auditors job is to make sure the QMS allows for this to happen and that there’s documentation to support the process (you don’t have to like it, you just have to follow the evidence).
The standard requires you also to keep documented information about; what went wrong, what actions were taken, if a concession was obtained and who authorised the action. Once again lite on the detail, how your QMS is organised to do these things is left up to you, so long as you document it all. My advice as a consultant is use the non-conformance documentation system and craft the documentation to take account of the possibilities meaning an efficient use of the QMS documentation to capture as much information as possible in one place.
Closing Words on Clause 8
Clause 8 is an absolute monster of a clause but is the ‘doing’ part of the QMS. Auditors would be well advised to take the time to fully appreciate the organisations they’re auditing to understand the underlying culture, the business environment and the processes employed. Only this way can the auditor hope to provide the very best auditing service to the organisation because Clause 8 is essentially what the organisation get’s paid to do by its customers. Too slight an audit and you miss possibly important aspects that if uncovered will help the organisation meet its customer requirements. Too harsh an audit and you run the risk of interrupting the organisation needlessly with non-conformity reports where a gentle observational remark would do the trick. Not only that but you may be challenged and asked to justify your findings potentially leading to a break-down of the commercial relationship between certification body and the organisation being certified.
Take-Away # 1 – a well crafted QMS detailing the process stages and interfaces will save you a ton of time when it comes to release of products and services and ensuring you sign-off appropriately at each interface. Not only will this save time, but it ensures that non-conforming product should not see the light of day as far as your customer is concerned, saving reputation cost and financial cost.
Take-Away # 2 – going further with your documentation than the standard requires with concessions will help in situations where products or services are the subject of a complaint. You can look back on the time-line and either push-back or gain insight for the future to avoid the same mistakes happening again.
Take-Away # 3 – by using multi-purpose documentation crafted in such a way to capture as much information as possible in one place leads to a much more efficient QMS
Take-Away # 4 – the standard formally introduces the idea that you can ask for and get a concession which at no point does it require the customer to be involved. You just have to show that you exercised control and that you intended to release the products for use or delivery