Auditing clause 8 ISO 9001 | PEN Associates. LLC

Return to Library

Auditing ISO 9001:2015 Clause 8.0 - Operation

by Walt Prystaj

When auditing ISO 9001:2015 Clause 8 (Operation), it’s essential to assess processes related to the planning, control, and fulfillment of production and service provision. Here’s a guide on auditing Clause 8, complete with objectives, key questions, and examples of evidence to look for.

Objectives

Verify Process Planning: Ensure that operational planning considers customer requirements and quality objectives.
Assess Operational Control: Confirm controls are implemented to manage production and service processes effectively.
Check Compliance with Requirements: Confirm that processes meet the requirements for product/service conformity.
Evaluate Change Management: Confirm that operational changes are controlled to prevent unintended effects on quality.
Review Outsourced Processes: Ensure controls are in place for outsourced processes to maintain quality.
Validate Release and Post-Delivery Activities: Confirm that activities post-delivery are controlled according to customer requirements and regulatory needs.

Key Audit Questions by Sub-clause

8.1 Operational Planning and Control

Are processes for production/service provision planned to meet quality and regulatory requirements?
How are risks and opportunities managed to prevent issues in product conformity?
What controls ensure product requirements are met consistently?
Are changes in processes planned, reviewed, and controlled?

8.2 Requirements for Products and Services

How are customer requirements reviewed before acceptance?
Is there a process for managing changes in customer requirements?
What is the process for communicating with customers about orders, changes, and feedback?

8.3 Design and Development of Products and Services (if applicable)

Is there a defined process for design and development, including planning, inputs, controls, and outputs?
How are design inputs reviewed, and how is verification and validation of outputs conducted?
What is the approach for managing changes in design during and after development?

8.4 Control of Externally Provided Processes, Products, and Services

Are criteria established for the selection and evaluation of suppliers?
How are outsourced processes controlled to ensure they meet quality requirements?
How does the organization monitor supplier performance?

8.5 Production and Service Provision

Are documented instructions available for production/service activities, including validation and monitoring?
What is the approach for product identification and traceability throughout production?
How is equipment maintained to ensure consistent quality?

8.6 Release of Products and Services

Are there defined acceptance criteria for products/services?
How are products inspected before release to ensure they meet requirements?
Who is responsible for authorizing the release of products/services?

8.7 Control of Nonconforming Outputs

What is the process for identifying and controlling nonconforming products/services?
How does the organization determine actions for nonconforming products (e.g., rework, scrap, concession)?
How are corrective actions recorded and evaluated for effectiveness?

Evidence to Collect

Operational Planning Documents:
- Production/service provision plans, risk assessments, control plans, and scheduling documents.
Customer Requirements and Communication Records:
- Contracts, order specifications, customer requirements, and communications logs.
Design and Development Documentation:
- Design plans, inputs, reviews, validation records, and design change records.
Supplier and Outsourced Process Records:
- Supplier evaluation and selection criteria, performance reports, contracts, and audits of outsourced processes.
Production Records:
- Work instructions, inspection and testing records, equipment maintenance logs, calibration records, and traceability information.
Product Release Records:
- Acceptance criteria, inspection reports, and release authorization records.
Nonconforming Product Logs:
- Nonconformity reports, corrective action records, and disposition decisions.

Auditing ISO 9001:2015 Clause 8.0 - Operation

by Walt Prystaj

When auditing ISO 9001:2015 Clause 8 (Operation), it’s essential to assess processes related to the planning, control, and fulfillment of production and service provision. Here’s a guide on auditing Clause 8, complete with objectives, key questions, and examples of evidence to look for.

Objectives

Verify Process Planning: Ensure that operational planning considers customer requirements and quality objectives.

Assess Operational Control: Confirm controls are implemented to manage production and service processes effectively.

Check Compliance with Requirements: Confirm that processes meet the requirements for product/service conformity.

Evaluate Change Management: Confirm that operational changes are controlled to prevent unintended effects on quality.

Review Outsourced Processes: Ensure controls are in place for outsourced processes to maintain quality.

Validate Release and Post-Delivery Activities: Confirm that activities post-delivery are controlled according to customer requirements and regulatory needs.

Key Audit Questions by Sub-clause

8.1 Operational Planning and Control

Are processes for production/service provision planned to meet quality and regulatory requirements?

How are risks and opportunities managed to prevent issues in product conformity?

What controls ensure product requirements are met consistently?

Are changes in processes planned, reviewed, and controlled?

8.2 Requirements for Products and Services

How are customer requirements reviewed before acceptance?

Is there a process for managing changes in customer requirements?

What is the process for communicating with customers about orders, changes, and feedback?

8.3 Design and Development of Products and Services (if applicable)

Is there a defined process for design and development, including planning, inputs, controls, and outputs?

How are design inputs reviewed, and how is verification and validation of outputs conducted?

What is the approach for managing changes in design during and after development?

8.4 Control of Externally Provided Processes, Products, and Services

Are criteria established for the selection and evaluation of suppliers?

How are outsourced processes controlled to ensure they meet quality requirements?

How does the organization monitor supplier performance?

8.5 Production and Service Provision

Are documented instructions available for production/service activities, including validation and monitoring?

What is the approach for product identification and traceability throughout production?

How is equipment maintained to ensure consistent quality?

8.6 Release of Products and Services

Are there defined acceptance criteria for products/services?

How are products inspected before release to ensure they meet requirements?

Who is responsible for authorizing the release of products/services?

8.7 Control of Nonconforming Outputs

What is the process for identifying and controlling nonconforming products/services?

How does the organization determine actions for nonconforming products (e.g., rework, scrap, concession)?

How are corrective actions recorded and evaluated for effectiveness?

Evidence to Collect

Operational Planning Documents:

Production/service provision plans, risk assessments, control plans, and scheduling documents.

Customer Requirements and Communication Records:

Contracts, order specifications, customer requirements, and communications logs.

Design and Development Documentation:

Design plans, inputs, reviews, validation records, and design change records.

Supplier and Outsourced Process Records:

Supplier evaluation and selection criteria, performance reports, contracts, and audits of outsourced processes.

Production Records:

Work instructions, inspection and testing records, equipment maintenance logs, calibration records, and traceability information.

Product Release Records:

Acceptance criteria, inspection reports, and release authorization records.

Nonconforming Product Logs:

Nonconformity reports, corrective action records, and disposition decisions.