Professional Documents
Culture Documents
3 - “Design and
development of products and services”; the most
dreaded auditable clause in the standard, but
does it have to be?
Design
The definition of design is “a plan or drawing produced to show the look and
function or workings of a building, garment, or other object before it is made.”
Simply put into context; if the organization are creating something; be it
tangible (product) or intangible (service), there will almost certainly be an
element of Design.
In such cases, the application of clause 8.3 shall be implemented. Even if the
client “does not design” anything physically themselves and they outsource
the process - the responsibilities cannot also be outsourced, the organization
have to apply the necessary controls (see clause 8.4.1-a). The point to
remember is - who’s paying for it?
Development
The definition of development is “the process of developing or being
developed”. Not a particularly useful definition when applied to the standard!
However, here are a few ‘real-life’ examples that you may have come across
whilst auditing... An organization provides an existing product or service but
need to make changes to enhance the performance or to meet a customer’s
specific requirements; this is development.
I was at an audit not long ago where the client had excluded clause 8.3 from
their management system. Their justification was that they were “making the
product fit the customer’s requirements”; they were modifying the
characteristics of the product to meet the customer’s requirements for their
intended application. Whilst the product itself never actually changed, they
were taking an existing formula and changing the specification in order to
meet the client’s requirement - sound familiar?
Planning - simply put, the organization will have a plan on how they will do
the design and development. Good examples of this would be - A
design/development plan which demonstrates: the project timescales,
deliverables, responsibilities of team/individuals, persons of authority for sign-
off (internal, or external customer), design reviews at relevant points in the
project (e.g. start, confirmation of inputs, post verification, post validation,
finish, etc.), resources required throughout the project, communication with
subsequent process owners, and required controls throughout the project and
intended use of the output. Remember the 6 P’s...
Occasionally undesired things occur; now it’s time to address nonconformity and
corrective action. And to make things better there’s a continual improvement. The
requirements here are familiar and well understood. But what about preventive action? It
does not appear. As some have argued for many years, one of the objectives of a
management system is preventive action. The requirements in clause 4.1 to “…determine
external and internal issues that are relevant to its purpose and that affect its ability to
achieve the intended outcome(s) of its Quality management system” and in clause 6.1 to
“determine the risks and opportunities that need to be addressed to assure the Quality
management system can achieve its intended outcome(s); prevent, or reduce, undesired
effects; achieve continual improvement.” not only address preventive action but go beyond.
And in the end, auditors will look back at the management system established in clause 4.4,
reviewed in clause 9.3 and now continually improved. Finally, although there remains a
requirement for processes, there is no mention anywhere of procedures, documented or
otherwise. If a discipline considers that they are required then they will appear in clause 8
– Operations. However, if they are not a requirement but the organization themselves
consider they need them then that will be their decision