Operational Procedures for ISO 9001:2015 Requirements

ISO Certification could easily be described as the most important step you’ll ever do for your business. By Creating Operational Procedures for ISO 9001:2015 certification requirements, you are sure to cater to the most critical elements of your core activities. In turn, by taking a deep dive into these key activities, you are bound to find areas for improvement that will have a long-lasting effect on your business – which is just 1 of the benefits of ISO Certification.

Overview of requirements

In a previous post, we have already discussed the requirements of the standard, by translating each of the ISO 9001 Clause into plain English. In this post, we will however take a deep dive into what we’ll need to do to meet the Operational Procedures for ISO 9001:2015 Requirements.

As an overview of the requirements, we will need to:

  1. Operational planning and control
  2. Control of production and service provision
  3. Identification and traceability
  4. Property belonging to customer or external providers
  5. Preservation of product
  6. Post-delivery activities
  7. Control of changes
  8. Release of products and services

The above 8 points are all mentioned within Clause 8. This Clause is the most important clause within the standard, as it speaks about the actual operation of the business. Moreover, it is the most detailed clause. In this post, we will only be covering the Operational Procedures for ISO 9001:2015 Requirements, and therefore, we will not be discussing the Sales procedure, the design & development procedure, or the purchasing procedure. These procedures are requirements of Clause 8 too.

Documenting a process

The first thing that we have to do is to create the interaction of processes – how the individual processes relate to one another, from customer requirements to customer satisfaction.

The key clause relating to processes is Clause 4.4.1:

  1. determine the inputs required and the outputs expected from these processes;
  2. determine the sequence and interaction of these processes;
  3. determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes;
  4. determine the resources needed for these processes and ensure their availability;
  5. assign the responsibilities and authorities for these processes;
  6. address the risks and opportunities as determined in accordance with the requirements of 6.1;
  7. evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;
  8. improve the processes and the quality management system.
Input, Process & Output = The Fundamentals of any Process
Input, Process & Output = The Fundamentals of any Process

The desired result is achieved more efficiently when activities are related resources are managed as a process.

  • Input – what will start the process
  • Resource – what resources people (skills), software, tools etc that are needed to get the work done. Who is responsible for this process?            
  • Control – how will we make sure that our process is running correctly – process KPIs. For example, defects in product, time to complete. Is there any work instruction on how work has to be carried out?
  • Output – the expected result from our process

Change Management

This is one of the new requirements of the standard. Let’s take an example, many people from construction people – purchasing manager stated that PO before 1pm will be processed on the same day. This change was not communicated to the project managers. So, they will not get the material in time. And this change in one of the processes, is having an effect in other processes. By considering the clauses relating to the change, we are going to ensure that all implications are taken into considerations:

  • 6.3 – as per this clause, the organization shall consider:
    • the purpose of the changes and their potential consequences;
    • the integrity of the quality management system;
    • the availability of resources;
    • the allocation or reallocation of responsibilities and authorities.
  • 8.5.6 – the major difference of this clause from 6.3 is that there the standard is asking for documented information, describing the results of the review of changes, the person(s) authorising the change, and any necessary actions arising from the review.

Key processes

Clause 8 talks about the key activities are done by the company, as are split by the following departments:

Operational Procedures for ISO 9001:2015 Requirements

So without further ado, let’s start discussing each of the requirements in the level of detail that is required for this standard. Below is an example of a procedure for a fictitious company.

An example of an Operational Procedures for ISO 9001:2015 Requirements
Operational Procedures for ISO 9001:2015 Requirements

As can be seen above, the different roles for the different people have been highlighted in a different colour. This makes it easier for each person to quickly identify their role within the management system. It is interesting that in this particular flow chart, on person (the operations manager) is most involved in the work that needs to be done.

Moreover, it is good to note that more often than not, there needs to be more than one flow chart created to accurately describe each of the requirements that are going to be defined below.

Having said that, it probably doesn’t make sense to create a flow chart, or procedure for each of the requirements defined below. Therefore an element of judgment is required by the person in charge of creating the quality management system.

Operational planning and control

In Clause 6, we would have defined the internal & external issues relating to the company and would have come up with a list of risks and opportunities relating to the ISO 9001 management system.

Here, the standard asks us to ensure that our procedures cover the actions determined in Clause 6. The extent, and the level of detail to which we are to create operational Procedures for ISO 9001:2015 Requirements, depends on the risks inherent in the type of company. And this will be highlighted in an example below.

Control of production and service provision

Here, primarily we are to ensure that the product/service meets the state/unstated needs of the customer. Now, depending on the product/service being sold this can mean many things.

Let’s take 2 examples of widely different companies.

  • A manufacturer of airplanes
  • A supermarket

Needless to say, both companies sell critically important products – and both must ensure that their company offers a top-quality product to its clients.

Naturally, both are procuring external products from external providers. And therefore, Clause 8.4 is relevant for both – which asks to ensure that we ensure that the products, processes and services that we procure from external providers are of the desired quality.

However, in the case of the manufacturer of the airplane, given that they are changing the raw materials, or sub-assemblies, into a different product – further checks and balances are required. This is needed to ensure that the parts have been assembled correctly and that the new finished product is capable of meeting the customer requirements.

Identification and traceability

There are certain industries where this is more important than others. For example, importers and distributors of medical devices must ensure the full traceability of their products.

Naturally, all efforts are taken to ensure a good quality product, including good distribution practices, however, some mistakes happen. And a great system for identification and traceability is a must for Operational Procedures for ISO 9001:2015 Requirements.

Property belonging to customer or external providers

Part of ensuring a great quality product and service given to customers is to ensure that we safeguard property belonging to customers/suppliers.

Doing an excellent job, but damaging any type of property of the customer will still result in customer dissatisfaction. By customer property, we refer to the actual premises, to physical goods, reputation, information, or any other tangible/intangible asset.

Preservation of product

Care during transportation has already been mentioned in GDP Certification, as per above. The standard here simply asks us to ensure that once the product has been completed, we preserve the state of the production/service during provision.

Post-delivery activities

As the name implies, post-delivery activities refer to the activities that we need to do after we have successfully delivered the product/service to the client. And here, the standard prescribes exactly what we will need to consider:

  • statutory and regulatory requirements
  • the potential undesired consequences associated with its products and services
  • nature, use, and intended lifetime of its products and services
  • customer requirements
  • customer feedback

These activities include actions required under warranty provisions, maintenance agreements, and even the possibility of being involved in the end-of-life disposal of a product.

Control of changes

No matter how much we plan ahead and follow rigid systems, change is the only constant. And change might be driven by the customer, and therefore we would not be in full control of such a change.

And therefore, the standard asks us to consider what would happen in the case of a change. Such a case is very common in, for example, companies involved in the construction industry. Variations are the norm. A clear definition is required to define when a new request is to be logged, or when a change on a previous confirmed job is to be registered.

Release of products and services

The release of the product might not necessarily happen at the last stage (when there is the physical handover of the product). But it may very well be staggered into steps.

Conclusion on the Operational Procedures for ISO 9001:2015 Requirements

The above points have covered all the Operational Procedures for ISO 9001:2015 Requirements. Given that each company must look at these requirements in a different way, and that every company must consider their risks when defining which procedure to include, we could not go down into details relating varying companies.

Having said that, we hope that you found this useful.

Should you be interested in getting more specific help relating to your business, feel free to ask for help. Our dedicated team of ISO consultants are here to help.