ISO 9001:2008

The fourth edition of the ISO 9001 standard “ISO 9001:2008 Quality Management Systems – Requirements” was published in November 2008.

This was a minor amendment rather than a revision and was meant to clarify the standard to address feedback on the use of the standard over the eight years since the major revision in ISO 9001:2000.

The amendments include:

  • 0.1, 1.1, 1.2 The term “regulatory” in relation to requirements has been changed to “statutory and regulatory”.
  • 0.2 The term “identify” has been changed to “determine” implying that rather than just recognising and establishing something, a degree of reason needs to be applied and a decision reached.
  • 4.1 The requirement to “measure” in subclause e) has been changed to “measure (where applicable)”. Some organisations believed they needed to measure every process.
  • 4.1 The reference to outsourced processes also now requires them to be “defined” and not just “identified”. In the Notes it is now made clear that processes need to include those for analysis and improvement. Also in the Notes it is made clear that an outsourced process is one that is needed for the organisation’s quality management system but the organisation has decided to have it performed by an external party. A new note identifies the factors that influence the control of an outsourced process. All these changes require much more careful thought about outsourcing. 7.4.1 is equally applicable to outsourcing.
  • 4.2 A note has been added to say that more than one procedure requirement may be covered in a single document. For example, the separate requirements for a procedure for corrective action and a procedure for preventive action may be met in a single document. The ISO 9001 requirement for six procedures does not mean six documents.
  • 4.2.3 Subclause f) has been amended to make it clear that only those external documents needed for the planning and operation of the quality management system need to be identified and controlled – not all external documents.
  • 5.5.2 The management representative must be a member of the organisation’s own management. Some organisations outsourced this role to a different organisation or to a quality consultant. This is now not allowed.
  • 6.2.1 A clarification has been made to the effect that anyone performing work that impinges on product requirements needs to be competent. The implication before was that only quality control and quality assurance staff needed to be competent.
  • 7.1 Measurement has been added as a required activity in the planning of product realisation. A new note aims to ensure that organisations take full account of post-delivery activities in product realisation.
  • 7.3.3 A new note reminds organisations that in considering design and development output, the product packaging needs to be considered.
  • 7.6 A new note explains that confirmation of software used in monitoring and measuring would include verification and configuration management.
  • 8.2.1 A new note has been added to illustrate some of the ways of monitoring customer satisfaction other than carrying out customer satisfaction surveys which were often seen as the only way of meeting this requirement.
  • 8.2.2 The requirement is to keep records throughout the audit and not just the report produced at the end of the audit. The need to apply immediate correction of any nonconformity is made clear in addition to any corrective action to be taken later.
  • 8.2.3 The monitoring and measurement of processes needs to be appropriate to the process, the impact on requirements, and the effectiveness of the quality management system. Again, not just measurement for measurement’s sake.
  • 8.2.4 Evidence of release of product is required only when it is released to the customer – not at each stage of the process leading up to delivery.
  • 8.3 It is now made clear that one or more of the four ways of dealing with a nonconformity can be used as applicable. This section is worth re-reading as the text has been reorganised to make its intent clearer. In particular the requirement for dealing with rework is clarified.
  • 8.5.2 and 8.5.3 It is now clear that the effectiveness of corrective and preventive action needs to be verified and not just that actions have been taken.

Annex A has been brought up to date to reference ISO 14001:2004. Annex B now shows the correspondence of ISO 9001:2008 with ISO 9001:2000 rather than with ISO 9001:1994 as this is no longer relevant.

The list of standards in the Bibliography has been brought up to date.

Many sections of the 2000 version remain unchanged in the 2008 amendment including:

  • 4.2.2 Quality manual
  • 5.1 Management commitment
  • 5.2 Customer focus
  • 5.3 Quality policy
  • 5.4 Planning
  • 5.5.1 Responsibility and authority
  • 5.5.3 Internal communication
  • 5.6 Management review
  • 6.1 Provision of resources
  • 7.2.3 Customer communication
  • 7.3.4 Design and development review
  • 7.3.5 Design and development verification
  • 7.3.6 Design and development validation
  • 7.3.7 Control of design and development changes
  • 7.4 Purchasing
  • 8.5.1 Continual improvement

Organisations with ISO 9001:2000 certificates need to be compliant with ISO 9001:2008 by December 31st, 2009. You should contact your certification body to help with this. In most cases they will audit you against the new version of the standard at your next surveillance visit.

If you would like your quality management system assessed against ISO 9001:2008 please leave a comment below and we will get in touch. Please also get in touch via a comment below if you require further information on any of the changes in ISO 9001:2008.
