Auditing of Design activities in ISO 9001 Scopes

This Bulletin is to highlight the UKAS position with regard to the exclusion of design from ISO 9001 scopes.

The previous version of ISO 9001 specifically permitted the “exclusion” of clauses in certain sections including Design, if they were not related to the client’s Quality Management System (QMS) scope. ISO 9001: 2015 does not include this provision, instead of allowing specific exclusions it uses a more inclusive approach to scoping within clause 4.3, which states that: –

“The organization shall determine the boundaries and applicability of the quality management system to establish its scope.”

and that: –

“The organization shall apply all the requirements of this International Standard if they are applicable within the determined scope of its quality management system.”

The standard does, however, still refer to design but in a specific way, clause 8.3.1 states that “The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.” This reference to the design of products and services is an important one.

Often in the past design has been considered to refer only to product design and exclusions were claimed on this basis, however in many instances, organisations did in fact carry-out design of processes and services.

With this change of emphasis on design within an organisation’s Quality Management System, a claim that an organisation is not involved in design in any way is now less likely.  Therefore, certification body auditors should be mindful when considering the boundaries of a client’s QMS, taking account the design of their processes and services as well as products, so as to ensure that the organisation’s activities relating to such design are fully understood.

The ISO/IAF ISO 9001 Auditing Practices Group (APG) has created a useful guide to auditing design, this includes the following statement: –

“The need for design and development comes from an organization’s context and the application of risk based thinking. Auditors may also review that an organization has considered the following sources:
• customer requirements
• the organization’s strategic intent;
• market intelligence and research;
• service reports;
• customer feedback;
• new or changed statutory and regulatory requirements;
• process changes;
• new technology;
• suppliers.

Auditors should evaluate whether the organization has in place, and performs, activities for the review of such needs. Auditors should review how the decision to proceed with design and development is taken, i.e. have risks and opportunities, including cost implications, been considered and have all relevant interested parties (internal or external) been consulted.”

The full APG document, along with other very useful auditing guides, is available through this link.

Should you require any clarification on the subject covered by this bulletin, please contact; either, Steve Randall, UKAS Accreditation Specialist – Certification – [email protected]
or Kevin Belson, Technical Manager – [email protected]

 

A pdf version of this Technical Bulletin can be found here.