Upload
emad-emad
View
222
Download
0
Embed Size (px)
Citation preview
8/19/2019 Change in ISO9001-2008.pdf
1/17
ISO 9001:2008 Changes
ISO 9001:2008 - the main changes from the 2000 version
Introduction:
This document outlines the main changes from the 2000 version of ISO 9001 to the 2008 FDIS (Final Draft
International Standard) version. There are some very minor typographical changes that have not been
mentioned. As stated in previous communications, overall the changes are minor.
Key:
o Words marked in Yellow are the changes from the 2000 version.o Red text denotes a change worthy of note.
Clause Number 2000 version 2008 version Comments
Forward All reference to ‘Quality
Assurance’ has now been
removed.
The final links with ‘Quality
Assurance’ have now been
removed making ISO 9001 a
true management standard.
Forward Details of the changesbetween the third edition and
this fourth edition are given
in Annex B.
0.1 Introduction
General
The adoption of a quality
management system should
be a strategic decision of an
organization. The design
and implementation of an
organization's quality
management system isinfluenced by varying
needs, particular objectives,
the products provided, the
processes employed and
the size and structure of the
organization. It is not the
The adoption of a quality
management system should
be a strategic decision of an
organization. The design
and implementation of an
organization's qualitymanagement system is
influenced by
— its business environment,
changes in that environment,
or risks associated with that
There is more to this change
than is immediately apparent.
For the first time the word ‘risk’
appears in ISO 9001. Also
‘business environment’ is used.
This I believe is sowing the
seeds for the next revision ofISO 9001 (possibly around
2013) and also moving towards
the new ISO 9004 and
‘sustainable management
systems.
8/19/2019 Change in ISO9001-2008.pdf
2/17
Page 2 :
intent of this International
Standard to imply uniformityin the structure of quality
management systems or
uniformity of documentation.
environment,
— its varying needs,
— its particular objectives,
— the products it provides,
— the processes it employs,
— its size and organizational
structure.
0.1 Introduction
General
…meet customer,
regulatory and the
organization's own
requirements.
…meet customer, statutory
and regulatory requirements
applicable to the product,
and the organization‘s own
requirements.
Changes made for consistency
with other statements
concerning ‘statutory and
regulatory requirements.
0.2 Process approach For an organization to
function effectively, it has to
identify and managenumerous linked activities.
An activity using resources,
and managed in order to
enable….
For an organization to
function effectively, it has to
determine and managenumerous linked activities.
An activity or set of activities
using resources, and
managed in order to
enable….
Additional clarity.
0.2 Process approach and their management can
be referred to as the
“process approach”.
…and their management to
produce the desired
outcome,
Clarity on what the process
approach is.
0.3 Relationship withISO 9004
The present editions of ISO9001 and ISO 9004 have
been developed as a
consistent pair of quality
management system
standards which have been
designed to complement
each other, but can also be
ISO 9001 and ISO 9004 arequality management system
standards which have been
designed to complement
each other, but can also be
used independently.
Change made to reflect theposition that ISO 9001 and
9004 were a consistent pair that
should be used together; to
being standards that have now
had those connections
removed.
ISO 9004 is planned to be
8/19/2019 Change in ISO9001-2008.pdf
3/17
Page 3 :
used independently.
Although the two
International Standards
have different scopes, they
have similar structures in
order to assist their
application as a consistent
pair.
ISO 9001 specifies
requirements for a quality
management system that
can be used for internal
application by
organizations, or for
certification, or for
contractual purposes. It
focuses on the
effectiveness of the quality
management system in
meeting customer
requirements.
ISO 9004 gives guidance ona wider range of objectives
of a quality management
system than does ISO
9001, particularly for the
continual improvement of an
organization's overall
performance and efficiency,
as well as its effectiveness.
ISO 9004 is recommended
as a guide for organizations
whose top managementwishes to move beyond the
requirements of ISO 9001,
in pursuit of continual
improvement of
performance. However, it is
not intended for certification
or for contractual purposes.
ISO 9001 specifies
requirements for a qualitymanagement system that
can be used for internal
application by organizations,
for certification, or for
contractual purposes. It
focuses on the effectiveness
of the quality
management system in
meeting customer
requirements.
ISO 9004 gives guidance on
a wider range of objectives
of a quality management
system than does ISO 9001,
particularly for the continual
improvement of an
organizations overall
performance and efficiency,
as well as its
effectiveness. ISO 9004 is
recommended as a guide for
organizations whose top
management wishes to
move
beyond the requirements of
ISO 9001, in pursuit of
continual improvement of
performance. However, it is
not intended for certification
or for contractual purposes.
NOTE At the time of publication
of this International Standard,
published in 2009.
8/19/2019 Change in ISO9001-2008.pdf
4/17
Page 4 :
ISO 9004 is under revision.
0.4 Compatibility with
other management
systems
This International Standard
has been aligned with ISO
14001:1996 in order to
enhance the compatibility of
the two standards for the
benefit of the user
community.
During the development of
this International Standard,
due consideration was given
to the provisions of ISO
14001:2004 to enhance the
compatibility of the two
standards for the benefit of
the user community. Annex
A shows the correspondence
between ISO 9001:2008 and
ISO 14001:2004
Update to the latest version of
ISO 14001.
Various Where ever the term ‘and
applicable regulatory
requirements’ is mentioned
the addition of the word
‘statutory’ has been added to
read ‘and applicable
statutory and regulatory
requirements’.
Self explanatory.
1 Scope NOTE In this International
Standard, the term “product”
applies only to the product
intended for, or required by,
a customer.
NOTE 1 In thisInternational Standard, theterm "product" only appliesto:
⎯ product intended for orrequired by a customer
⎯ any intended outputresulting from the
product realisationprocesses
⎯ NOTE 2 Statutory andregulatory requirements
can be expressed as legal
requirements.
Clarification as to what is a
product. This is not only the end
product but can be the product
of any process especially the
‘product realization process.
2 Normative The following normative The following referenced An interesting change
8/19/2019 Change in ISO9001-2008.pdf
5/17
Page 5 :
references document contains
provisions which, throughreference in this text,
constitute provisions of this
International Standard. For
dated references,
subsequent amendments
to, or revisions of, any of
these publications do not
apply. However, parties to
agreements based on this
International Standard are
encouraged to investigate
the possibility of applying
the most recent edition of
the normative document
indicated below. For
undated references, the
latest edition of the
normative document
referred to applies.
Members of ISO and IEC
maintain registers ofcurrently valid International
Standards.
ISO 9000:2000, Quality
management systems —
Fundamentals and
vocabulary.
documents are
indispensable for theapplication of this document.
For dated references, only
the edition cited applies. For
undated references, the
latest edition of the
referenced document
(including any amendments)
applies.
ISO 9000:2005, Quality
management systems —
Fundamentals and
vocabulary
emphasising the connection
between ISO 9000 and ISO9001.
3 Terms anddefinitions
Reference to the ‘supplychain’ terms have been
removed; ‘supplier,
organisation and customer’.
Obsolete terms removed.
4.1 General
requirements a)
e)
The word ‘identify’ has been
replaced by ‘determine’
The words ‘(where
applicable)’ have been
The word ‘determine’ is slightly
stronger than ‘identify’.
Some clarity provided as to the
applicability of monitoring and
8/19/2019 Change in ISO9001-2008.pdf
6/17
Page 6 :
Outsourcing
Where an organization
chooses to outsource any
process that affects product
conformity with
requirements, the
organization shall ensure
control over such
processes. Control of such
outsourced processes shall
be identified within the
quality management
system.
NOTE Processes needed
for the quality management
system referred to above
should include processes
for management activities,
provision of resources,
product realization and
measurement.
added between ‘measure’
and ‘and’.Where an organization
chooses to outsource any
process that affects product
conformity to requirements,
the organization shall ensure
control over such processes.
The type and extent of
control to be applied to these
outsourced processes shall
be defined within the quality
management system.
NOTE 1 Processes needed
for the quality management
system referred to above
include processes for
management activities,
provision of resources,
product realization and
measurement, analysis and
improvement.
NOTE 2
An outsourced process is
identified as one being
needed for the organization’s
quality management system
but chosen to be performed
by a party external to the
organization.
NOTE 3
Ensuring control over
outsourced processes does
not absolve the organization
of the responsibility of
conformity to all customer,
statutory and regulatory
requirements. The type and
measuring
Some clarity provided on what
controls are required.
Notes added to provide some
guidance as to what is required
for outsourcing.
8/19/2019 Change in ISO9001-2008.pdf
7/17
Page 7 :
extent of control to be
applied to the outsourcedprocess may be influenced
by factors such as:
a) the potential impact of theoutsourced process onthe organization’scapability to provideproduct that conforms torequirements;
b) the degree to which the
control for the process isshared;
c) the capability of achievingthe necessary controlthrough the applicationof clause 7.4.
4.2 Documentation
requirements c) and
d).
Note 1
c) documented procedures
required by this
International Standard,
d) documents needed bythe organization to ensure
the effective planning,
operation and control of its
processes,
and
e) records required by this
International Standard (see
4.2.4).
NOTE 1 Where the term
“documented procedure”
appears within this
International Standard, this
means that the procedure is
established, documented,
implemented and
c) documented procedures
and records required by this
International Standard, and
d) documents, includingrecords, determined by the
organization to be necessary
to ensure the effective
planning, operation and
control of its processes.
NOTE 1 Where the term
“documented procedure“
appears within this
International Standard, this
means that the procedure is
established, documented,
implemented and
Clarity given that a ‘record’ is a
document and comes under
document control.
8/19/2019 Change in ISO9001-2008.pdf
8/17
Page 8 :
maintained maintained. A single
document may address therequirements for one or
more procedures. A
requirement for a
documented procedure may
be covered by more than
one document.
4.2.3 Control of
documents f)
to ensure that documents of
external origin are identified
and their distribution
controlled, and
to ensure that documents of
external origin determined by
the organization to be
necessary for the planning
and operation of the quality
management system are
identified and their
distribution….
Clarity on external documents
given.
4.2.4 Control of
records
Records shall be
established and maintained
to provide evidence of
conformity to requirements
and of the effectiveoperation of the quality
management system.
Records shall remain
legible, readily identifiable
and retrievable. A
documented procedure
shall be established to
define the controls needed
for the identification,
storage, protection,
retrieval, retention time anddisposition of records.
Records established to
provide evidence of
conformity to requirements
and of the effective operation
of the quality managementsystem shall be controlled.
The organization shall
establish a documented
procedure to define the
controls needed for the
identification, storage,
protection, retrieval,
retention and disposition of
records.
Records shall remain legible,
readily identifiable and
retrievable.
This clause has been reworded
for clarity but essentially
remains the same.
5.5.2 Management
representative
Top management shall
appoint a member of
management who,
irrespective of other
Top management shall
appoint a member of the
organization’s management
who, irrespective of other
The management
representative must be a
member of the organization’s
management team. This may
8/19/2019 Change in ISO9001-2008.pdf
9/17
Page 9 :
responsibilities, shall have
responsibility and authority
that includes
responsibilities, shall have
responsibility and authoritythat includes.
preclude the use of external
parties such as consultantscarrying out this role.
6.2.1 General Personnel performing work
affecting product quality
shall be competent on the
basis of appropriate
education, training, skills
and experience
Personnel performing work
affecting conformity to
product requirements shall
be competent on the basis of
appropriate education,
training, skills and
experience.
NOTE Conformity to product
requirements may be
affected directly or indirectly
by personnel performing any
task within the quality
management system
This now throws a wider net
over ‘conformity to product
requirements’ not just product
quality.
6.2.2 Competence
training and
awareness
a) determine the necessary
competence for personnel
performing work affecting
product quality,
b) provide training or take
other actions to satisfy
these needs,
c) evaluate the
effectiveness of the actions
taken,
a) determine the necessary
competence for personnel
performing work affecting
conformity to product
requirements,
b) where applicable, provide
training or take other actions
to achieve the necessary
competence,
Again competency now covers
all product requirements.
The words ‘where applicable’
have been added to provide
some flexibility.
6.3 Infrastructure c) supporting services (such
as transport or
communication).
c) supporting services (such
as transport, communication
or information systems).
Information systems added to
provide clarity.
6.4 Work environment There was no note in this
version.
NOTE The term "work
environment" relates to
conditions under which work
is performed including
Note added to provide guidance
in this area.
8/19/2019 Change in ISO9001-2008.pdf
10/17
Page 10 :
physical, environmental and
other factors (such as noise,temperature, humidity,
lighting, or weather).
7.1 Planning of
product realization c)
c) required verification,
validation, monitoring,
inspection and test activities
specific to the product and
the criteria for product
acceptance;
c) required verification,
validation, monitoring,
measurement, inspection
and test activities specific to
the product and the criteria
for product acceptance;
Measurement added to
strengthen this clause.
7.2.1 Customer
related processes
statutory and regulatory
requirements related to the
product, and
d) any additional
requirements determined by
the organization.
New note added.
c) statutory and regulatory
requirements applicable to
the product, and
d) any additional
requirements considered
necessary by the
organization.
NOTE Post delivery activities
include, for example, actions
under warranty provisions,
contractual obligations such
as maintenance services,
and supplementary services
such as recycling or final
disposal.
Clarity on the applicability of the
use of statutory and regulatory
requirements.
Clarity on whether additional
requirement may be necessary.
Note added to assist with this
clause.
7.3.1 Design and
development planning
New note added. NOTE Design and
development review,
verification and validation
have distinct purposes. Theymay be conducted and
recorded separately or in
any combination as suitable
for the product and the
organization.
Note added to assist with this
clause.
7.3.3 Design and
development outputs
The outputs of design and
development shall be
provided in a form that
The outputs of design and
development shall be in a
form suitable for verification
Minor change made for clarity.
8/19/2019 Change in ISO9001-2008.pdf
11/17
Page 11 :
enables verification against
the design and developmentinput and shall be approved
prior to release.
New note added
against the design and
development input and shallbe approved prior to release.
NOTE Information for
production and service
provision can include details
for the preservation of
product.
Note added to assist with this
clause.
7.5.1 Control of
production and
service provision
d) the availability and use of
monitoring and measuring
devices,
f) the implementation of
release, delivery and post-
delivery activities.
d) the availability and use of
monitoring and measuring
equipment,
f) the implementation of
product release, delivery and
post-delivery activities.
‘Devices’ has now changed to
‘equipment’ for clarity.
Clarity given that the clause is
dealing with ‘product’ release.
7.5.2 Validation of
processes for
production and
services provision
The organization shall
validate any processes for
production and service
provision where the
resulting output cannot be
verified by subsequent
monitoring or measurement.
This includes any processes
where deficiencies become
apparent only after the
product is in use or the
service has been delivered.
Notes 1 and 2 have been
removed
The organization shall
validate any processes for
production and service
provision where the resulting
output cannot be verified by
subsequent monitoring or
measurement and as a
consequence, deficiencies
become apparent only after
the product is in use or the
service has been delivered.
This clause has been made
more succinct in that it clarifies
that the necessity for the
validation of the process may
only become apparent after the
product or service is delivered.
7.5.3 Identification The organization shall The organization shall Clarification provided as to the
8/19/2019 Change in ISO9001-2008.pdf
12/17
Page 12 :
and traceability identify the product status
with respect to monitoringand measurement
requirements.
Where traceability is a
requirement, the
organization shall control
and record the unique
identification of the product
(see 4.2.4).
identify the product status
with respect to monitoringand measurement
requirements throughout
product realization.
Where traceability is a
requirement, the
organization shall control the
unique identification of the
product and maintain
records (see 4.2.4).
requirement that identification
should provided ‘throughout’the whole product realization
process.
Slight changes to the words to
emphasise the maintenance of
records.
7.5.4 Customer
property
…..otherwise found to be
unsuitable for
use, this shall be reported to
the customer and records
maintained (see 4.2.4).
NOTE Customer property
can include intellectual
property.
….otherwise found to be
unsuitable for use, the
organization shall report this
to the customer and maintain
records (see 4.2.4).
NOTE Customer property
can include intellectual
property and personal data.
Small clarification to this clause.
7.5.5 Preservation of
product
The organization shall
preserve the conformity of
product during internal
processing and delivery to
the intended destination.
This preservation shall
include identification,
handling, packaging,
storage and protection.
Preservation shall also
apply to the constituent
parts of a product.
The organization shall
preserve the product during
internal processing and
delivery to the intended
destination in order to
maintain conformity to
requirements. As applicable,
preservation shall include
identification, handling,
packaging, storage and
protection. Preservation shall
also apply to the constituent
parts of a product.
Slight change to the wording for
clarity.
7.6 Control of The organization shall The organization shall ‘Devices’ changed to
8/19/2019 Change in ISO9001-2008.pdf
13/17
Page 13 :
monitoring and
measuring equipment
determine the monitoring
and measurement to beundertaken and the
monitoring and measuring
devices needed to provide
evidence of conformity of
product to determined
requirements (see 7.2.1).
a) be calibrated or verified
at specified intervals, or
prior to use, against
measurement standards
traceable to
international or national
measurement standards;
where no such standards
exist, the basis used for
calibration or verification
shall be recorded;
c) be identified to enable
the calibration status to be
determined;
Notes 1 and 2 have been
removed.
determine the monitoring
and measurement to beundertaken and the
monitoring and measuring
equipment needed to
provide evidence of
conformity of product to
determined requirements.
a) be calibrated or verified,
or both, at specified
intervals, or prior to use,
against measurement
standards traceable to
international or national
measurement standards;
where no such standards
exist, the basis used for
calibration or verification
shall be recorded (see
4.2.4);
c) have identification inorder to determine its
calibration status;
NOTE Confirmation of the
ability of computer software
to satisfy the intended
application would typically
include its verification and
configuration managementto maintain its suitability for
use.
‘equipment’.
Small change made for clarity.
Small change made for clarity.
New note added.
8.1 General a) to demonstrate
conformity of the product,
a) to demonstrate
conformity to product
requirements,
‘Requirements’ added to clarify it
is to the actual requirements of
the product.
8/19/2019 Change in ISO9001-2008.pdf
14/17
Page 14 :
8.2.1 Customer
satisfaction
New note added NOTE Monitoring customer
perception can includeobtaining input from
sources such as customer
satisfaction surveys,
customer data on delivered
product quality, user opinion
surveys, lost business
analysis, compliments,
warranty claims, dealer
reports.
Note added to assist with this
clause.
8.2.2 Internal Audits The responsibilities and
requirements for planning
and conducting audits, and
for reporting results and
maintaining records (see
4.2.4) shall be defined in a
documented procedure.
The management
responsible for the area
being audited shall ensure
that actions are taken
without undue delay to
eliminate detected
nonconformities and their
causes.
NOTE See ISO 10011-1,
ISO 10011-2 and ISO
10011-3 for guidance.
A documented procedure
shall be established to
define the responsibilities
and requirements for
planning and conducting
audits, establishing records
and reporting results.
Records of the audits and
their results shall be
maintained (see 4.2.4).
The management
responsible for the area
being audited shall ensure
that any necessary
corrections and corrective
actions are taken without
undue delay to eliminate
detected nonconformities
and their causes.
NOTE See ISO 19011 forguidance.
More emphasis placed on
‘documented procedure’
The requirement for records has
been separated out to
emphasise their importance.
What actions need to be taken
has been clarified.
8.2.3 Monitoring and
measurement of
When planned results are
not achieved, correction and
When planned results are
not achieved, correction
It is read that any actions taken
are to ensure conformity to
8/19/2019 Change in ISO9001-2008.pdf
15/17
Page 15 :
processes corrective action shall be
taken, as appropriate, toensure conformity of the
product.
New note added
and corrective action shall
be taken, as appropriate.
NOTE When determining
suitable methods, the
organization should
consider the type and
extent of monitoring or
measurement appropriate
to each of its processes in
relation to their impact on
the conformity to product
requirements and on the
effectiveness of the quality
management system.
product.
8.2.4 Monitoring and
measurement of
product
This shall be carried out at
appropriate stages of the
product realization process
in accordance with the
planned arrangements (see
7.1).
Evidence of conformity with
the acceptance criteria shall
be maintained. Records
shall indicate the person(s)
authorizing release of
product (see 4.2.4).
Product release and service
delivery shall not proceed
until the planned
arrangements (see 7.1)have been satisfactorily
completed, unless otherwise
approved by a relevant
authority and, where
applicable, by the customer.
Note has been deleted
This shall be carried out at
appropriate stages of the
product realization process
in accordance with the
planned arrangements (see
7.1). Evidence of conformity
with the acceptance criteriashall be maintained.
Records shall indicate the
person(s) authorizing
release of product for
delivery to the customer
(see 4.2.4).
The release of product and
delivery of service to thecustomer shall not proceed
until the planned
arrangements (see 7.1)
have been satisfactorily
completed, unless
otherwise approved by a
relevant authority and,
where applicable, by the
Paragraphs slightly re-arranged
for clarity and emphasis of
records.
Wording adjusted for clarity.
8/19/2019 Change in ISO9001-2008.pdf
16/17
Page 16 :
customer.
8.3 Control of non
conforming product
The controls and related
responsibilities and
authorities for dealing with
nonconforming product shall
be defined in a documented
procedure.
This paragraph has been
removed:
When nonconforming
product is detected after
delivery or use has started,
the organization shall take
action appropriate to the
effects, or potential effects,of the nonconformity.
A documented procedure
shall be established to
define the controls and
related responsibilities and
authorities for dealing with
nonconforming product.
Where applicable, the
organization shall deal with
nonconforming product by
one or more of the following
ways:
d) by taking action
appropriate to the effects, or
potential effects, of the
nonconformity when
nonconforming product is
detected after delivery or
use has started.
Documented procedure given
more emphasis and brought to
the beginning of the clause.
Some flexibility introduced
through the words ‘where
applicable’.
Clauses have been re-arranged
so that ‘records’ is last.
8.4 Analysis of data. a) customer satisfaction
(see 8.2.1),
b) conformity to product
requirements (see 7.2.1),
c)characteristics and trends
of processes and products
including opportunities for
preventive action, and
d) suppliers.
a) customer satisfaction(see 8.2.1),
b) conformity to productrequirements (see8.2.4),
c) characteristics andtrends of processes andproducts includingopportunities forpreventive action (see8.2.3 and 8.2.4), and
d) suppliers (see 7.4).
New clause references addedfor guidance.
8.5.2 Corrective
action
f) reviewing corrective action
taken.
e) reviewing the
effectiveness of the
corrective action taken.
The word ‘effectiveness’ has
been added to this sub-clause
which strengthens the purpose
of this requirement.
8/19/2019 Change in ISO9001-2008.pdf
17/17
Page 17 :
8.5.3 Preventive
action
e) reviewing preventive
action taken.
f) reviewing the
effectiveness of thepreventive action taken.
The word ‘effectiveness’ has
been added to this sub-clausewhich strengthens the purpose
of this requirement.
Annex A Updated to reflect ISO
9001:2008 versus ISO
14001:2004
Annex B Updated to reflect ISO
9001:2008 versus ISO
9001:2000