ISO 9001:2015 Clause 8.3: Design and Development

For products

ISO 9001 has covered the design and development of products since its inception, and defines a product as an output of an organisation that can be produced without any transaction taking place with the customer, i.e., it is a tangible object provided by an organisation that exists even without a customer order.

To understand the applicability of Clause 8.3 to your QMS in relation to products, you will need to consider the following questions:

• Within the scope of the QMS, does your organisation purchase a product against a standard specification that does not change, and provide this to your customers without making any changes to the product itself?
  
  • If yes, then Clause 8.3 of ISO 9001 does not apply.
• Within the scope of the QMS, does your organisation create, develop, change, or manufacture any products for sale to customers?
  
  • If yes, then requirements within Clause 8.3 of ISO 9001 are likely to apply.
• Within the scope of the QMS, do you purchase or manufacture products against specifications provided by approved suppliers, where such products can be changed by the suppliers?
  
  • If yes, then the control of approved suppliers needs to include requirements for design and development and related changes.

If you have properly defined and implemented requirements for the planning and control of product design and development, this should be fairly easy to align with the requirements of Clause 8.3.

For services

Unlike product design and development, the design and development of services is relatively new to ISO 9001 and is not as well established.  ISO 9000 defines a service as being intangible (i.e., an activity, not an object) and where at least one such activity is performed between the organisation and the customer.

Unlike products, services cannot be stored or saved for later use, and many services are now process and / or technology based.

Each service provision has a purpose, and the scope of the service provision is best determined by the connection between the purpose of your organisation and what the users need to achieve by using your service.

Your organisation determines the services it provides and then creates the service activities or service processes as part of service design and development.  You will need to consider the following questions in order to determine the applicability of Clause 8.3:

• Do you provide any services to your customers?
  
  • If no, then there is no requirement to design and develop services.
• Do you create, manage, implement and improve services you provide to your customers?
  
  • If yes, then requirements within Clause 8.3 of ISO 9001 are likely to apply.

Product and service design and development

Many organisations provide both products and related services to its customers, for example:

• Vehicle dealerships may sell cars and offer an associated service, such as a maintenance agreement
• Software providers may offer a software product for sale and provide a maintenance support service via a help desk.

Your organisation should clearly define the products and / or services it offers to its customers, as well as the ‘ownership’ (responsibility and authority) for the product and / or service design and development activities (regardless of whether this is internal or outsourced).

‍

Whilst ISO 9001 permits ‘exclusions’ of non-applicable requirements, organisations should exercise caution in this approach.  The 2015 version of the Standard includes the following wording in Clause 4.3 (Determining the scope of the quality management system):

• Organisations shall apply all requirements of ISO 9001:2015 if they are applicable to the determined scope of the QMS
• Where a requirement of ISO 9001:2015 is determined to not apply, then justification for this must be provided
• A requirement may only be identified as not applicable where it does not affect the ability or responsibility of the organisation to ensure the conformity of products and services, and enhancement of customer satisfaction.

As such, when determining non-applicability, you will need to identify the evidence required to prove that there is no subsequent adverse impact on conformity of products and services, or customer satisfaction.

Where design and development are part of the QMS, an appropriate design and development process (or processes) will need to be documented.  The objective of such processes is to ensure that resulting products and services meet their intended use and specified requirements

Design and development are two linked, but separate, activities (although the terms are often applied synonymously), and your organisation may implement one or both aspects.  

Design is the creative aspect - where inputs are obtained, e.g., customer requirements, applicable statutory or regulatory requirements, etc., and a specification for a new or changed product or service is produced to meet these inputs.  Development, on the other hand, is the more technical or practical aspect, where a new design or specification is realised, or where identified changes are made to an existing product or service.

Outputs from the design and development process(es) provide inputs into the subsequent processes that focus on the provision of products and/or services to customers.

The following graphic depicts a simplified design and development process:

‍

‍

Once the need to design and develop a product or service has been identified, there are some core requirements to consider, the aim of which are to ensure that controls are implemented throughout the design and development processes, and to prevent problems from arising in later stages or in the delivered product or service.

First, you will need to establish appropriate design and development processes, including required process controls and records, to ensure that all applicable ISO 9001 requirements are addressed within the process.  The process will then need to be implemented.  This can be a single process that is specific to each design and development activity, or standalone processes that focus on specific stages of design and development.

The high-level process needs to include stage reviews before the proceeding to the next step.  This will help you avoid rework and wasted effort, as well as unnecessary cost.  Ideally, each ‘stage gateway’ should have specific acceptance criteria.

An ISO 9001-aligned QMS also includes other general requirements that are relevant to the design and development process, such as:

• Responsibilities and authorities for approvals and signoffs, decisions, etc.
• Environment and infrastructure that supports the design and development activities
• Required competencies for both design and development
• Documented information controls to ensure evidence is available
• Issue management, i.e., management of nonconformities, corrections, and corrective actions
• Risk management.

For each design and development activity, you will need to identify, review, and determine all relevant requirements, e.g., customer, regulatory and statutory, health and safety, environmental, etc.  To ensure that no requirements are overlooked, it may be beneficial to follow a standard checklist.  You will need to identify the requirement source, as well as the version and date, to ensure accuracy in the event of future changes to requirements.  At this stage, it is useful to consider whether previous, similar projects or design and development activities can assist in the new venture.

You will need to define design and development activity outputs, i.e., the output specifications, such as form, function and performance.  These outputs will also inform the actual manufacture of products or provision of services and, as such, should provide all necessary information to ensure that relevant criteria are defined and can be fulfilled.

In addition to this, you will need to verify outputs to ensure that they will meet input requirements and specifications, and that acceptance criteria are correct.  Ideally, this function should be conducted by an entity independent of the function or individual who produced the original design.

You will also need to conduct testing that can validate the outputs to ensure that they meet the performance specification.  Where variations are permitted, these criteria need to be clearly defined and controlled.

Clause 8.3 makes frequent references to verification and validation throughout its sub-clauses, and it is important that your organisation understands and distinguishes between the two terms.  ISO 9000 defines verification as ‘the confirmation, through the provision of objective evidence, that specified requirements have been fulfilled’, an example of which would be the confirmation of specifications for a product - its dimensions, colour, operating temperature range, etc.  Meanwhile, the definition for validation is ‘the confirmation through the provision of objective evidence that the requirements for a specific intended use or application have been fulfilled’, i.e., confirmation that the product is actually fit for its intended purpose.  Whilst a product may meet all the requirements for dimensions, colour, operating temperature range, etc., other elements of its design can still render it impractical.  Such impracticalities and design flaws are typically identified during the validation process.  

Design and development activities also need to include a change management process that will ensure effective control of any design and development changes.

Finally, it may be necessary to iterate design and development workflows at various stages of the process, and this flexibility should be built in, e.g., customer feedback received after release may identify opportunities to further improve the outputs.  Each design and development iteration should be uniquely identified and controlled, with traceable links between iterations to ensure access to relevant records, including verification and validation results, reviews, and actions that document the product or service development lifecycle.

‍

Conformance to Clause 8.3 of ISO 9001:2015 is a vital component of an effective QMS, ensuring that products and services are fit for purpose, meet customer requirements, and support continual improvement.  Whether you offer products, services, or a combination of both, this Clause is almost certain to be applicable to your organisation; as such, understanding and effectively implementing its requirements is essential for certification and the long-term success of your QMS.