http://www.risk-technologies.comhttp://www.risk-technologies.comhttp://www.eu-vri.euhttp://www.steinbeis.de
 
 
  
 

Standard Requirements 

The new ISO 9001:2015 text for reference

 

8 Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by:

a) determining the requirements for the products and services;

b) establishing criteria for:

1) the processes;

2) the acceptance of products and services;

c) determining the resources needed to achieve conformity to the product and service requirements;

d) implementing control of the processes in accordance with the criteria;

e) determining, maintaining and retaining documented information to the extent necessary:

1) to have confidence that the processes have been carried out as planned;

2) to demonstrate the conformity of products and services to their requirements.

The output of this planning shall be suitable for the organization's operations.

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled (see 8.4).

8.2 Requirements for products and services

8.2.1 Customer communication

Communication with customers shall include:

a) providing information relating to products and services;

b) handling enquiries, contracts or orders, including changes;

c) obtaining customer feedback relating to products and services, including customer complaints;

d) handling or controlling customer property;

e) establishing specific requirements for contingency actions, when relevant.

8.2.2 Determining the requirements for products and services

When determining the requirements for the products and services to be offered to customers, the organization shall ensure that:

a) the requirements for the products and services are defined, including:

1) any applicable statutory and regulatory requirements;

2) those considered necessary by the organization;

b) the organization can meet the claims for the products and services it offers.

8.2.3 Review of the requirements for products and services

8.2.3.1 The organization shall ensure that it has the ability to meet the requirements for products and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer, to include:

a) requirements specified by the customer, including the requirements for delivery and post-delivery activities;

b) requirements not stated by the customer, but necessary for the specified or intended use, when known;

c) requirements specified by the organization;

d) statutory and regulatory requirements applicable to the products and services;

e) contract or order requirements differing from those previously expressed.

The organization shall ensure that contract or order requirements differing from those previously defined are resolved.

The customer's requirements shall be confirmed by the organization before acceptance, when the customer does not provide a documented statement of their requirements

8.2.3.2 The organization shall retain documented information, as applicable:

a) on the results of the review;

b) on any new requirements for the products and services.

 

8.2.4 Changes to requirements for products and services

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

8.3 Design and development of products and services

8.3.1 General

The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.

8.3.2 Design and development planning

In determining the stages and controls for design and development, the organization shall consider:

a) the nature, duration and complexity of the design and development activities;

b) the required process stages, including applicable design and development reviews;

c) the required design and development verification and validation activities;

d) the responsibilities and authorities involved in the design and development process;

e) the internal and external resource needs for the design and development of products and services;

f) the need to control interfaces between persons involved in the design and development process;

g) the need for involvement of customers and users in the design and development process;

h) the requirements for subsequent provision of products and services;

i) the level of control expected for the design and development process by customers and other relevant interested parties;

j) the documented information needed to demonstrate that design and development requirements have been met.

8.3.3 Design and development inputs

The organization shall determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider:

a) functional and performance requirements;

b) information derived from previous similar design and development activities;

c) statutory and regulatory requirements;

d) standards or codes of practice that the organization has committed to implement;

e) potential consequences of failure due to the nature of the products and services.

Inputs shall be adequate for design and development purposes, complete and unambiguous.

Conflicting design and development inputs shall be resolved.

The organization shall retain documented information on design and development inputs.

8.3.4 Design and development controls

The organization shall apply controls to the design and development process to ensure that:

a) the results to be achieved are defined;

b) reviews are conducted to evaluate the ability of the results of design and development to meet requirements;

c) verification activities are conducted to ensure that the design and development outputs meet the input requirements;

d) validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;

e) any necessary actions are taken on problems determined during the reviews, or verification and validation activities;

f) documented information of these activities is retained.

NOTE Design and development reviews, verification and validation have distinct purposes. They can be conducted separately or in any combination, as is suitable for the products and services of the organization.

8.3.5 Design and development outputs

The organization shall ensure that design and development outputs:

a) meet the input requirements;

b) are adequate for the subsequent processes for the provision of products and services;

c) include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria;

d) specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.

The organization shall retain documented information on design and development outputs.

8.3.6 Design and development changes

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.

The organization shall retain documented information on:

a) design and development changes;

b) the results of reviews;

c) the authorization of the changes;

d) the actions taken to prevent adverse impacts.

8.4 Control of externally provided processes, products and services

8.4.1 General

The organization shall ensure that externally provided processes, products and services conform to requirements.

The organization shall determine the controls to be applied to externally provided processes, products and services when:

a) products and services from external providers are intended for incorporation into the organization's own products and services;

b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;

c) a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.

8.4.2 Type and extent of control

The organization shall ensure that externally provided processes, products and services do not adversely affect the organization's ability to consistently deliver conforming products and services to its customers.

The organization shall:

a) ensure that externally provided processes remain within the control of its quality management system;

b) define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output;

c) take into consideration:

1) the potential impact of the externally provided processes, products and services on the organization's ability to consistently meet customer and applicable statutory and regulatory requirements;

2) the effectiveness of the controls applied by the external provider;

d) determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements.

8.4.3 Information for external providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider.

The organization shall communicate to external providers its requirements for:

a) the processes, products and services to be provided;

b) the approval of:

1) products and services;

2) methods, processes and equipment;

3) the release of products and services;

c) competence, including any required qualification of persons;

d) the external providers' interactions with the organization;

e) control and monitoring of the external providers' performance to be applied by the organization;

f) verification or validation activities that the organization, or its customer, intends to perform at the external providers' premises.

8.5 Production and service provision

8.5.1 Control of production and service provision

The organization shall implement production and service provision under controlled conditions.

Controlled conditions shall include, as applicable:

a) the availability of documented information that defines:

1) the characteristics of the products to be produced, the services to be provided, or the activities to be performed;

2) the results to be achieved;

b) the availability and use of suitable monitoring and measuring resources;

c) the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met;

d) the use of suitable infrastructure and environment for the operation of processes;

e) the appointment of competent persons, including any required qualification;

f) the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement;

g) the implementation of actions to prevent human error;

h) the implementation of release, delivery and post-delivery activities.

8.5.2 Identification and traceability

The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.

The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.

The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.

8.5.3 Property belonging to customers or external providers

The organization shall exercise care with property belonging to customers or external providers while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard customers' or external providers' property provided for use or incorporation into the products and services.

When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.

NOTE A customer's or external provider's property can include materials, components, tools and equipment, premises, intellectual property and personal data.

8.5.4 Preservation

The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.

NOTE Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.

8.5.5 Post-delivery activities

The organization shall meet requirements for post-delivery activities associated with the products and services.

In determining the extent of post-delivery activities that are required, the organization shall consider:

a) statutory and regulatory requirements;

b) the potential undesired consequences associated with its products and services;

c) the nature, use and intended lifetime of its products and services;

d) customer requirements;

e) customer feedback.

NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.

8.5.6 Control of changes

The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.

The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

8.6 Release of products and services

The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met.

The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.

The organization shall retain documented information on the release of products and services. The documented information shall include:

a) evidence of conformity with the acceptance criteria;

b) traceability to the person(s) authorizing the release.

8.7 Control of nonconforming outputs

8.7.1 The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.

The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.

The organization shall deal with nonconforming outputs in one or more of the following ways:

a) correction;

b) segregation, containment, return or suspension of provision of products and services;

c) informing the customer;

d) obtaining authorization for acceptance under concession.

Conformity to the requirements shall be verified when nonconforming outputs are corrected.

8.7.2 The organization shall retain documented information that:

a) describes the nonconformity;

b) describes the actions taken;

c) describes any concessions obtained;

d) identifies the authority deciding the action in respect of the nonconformity.

 

 

 

 

 

 
   
 
 
8.1 Operational planning and control
 
 

R-Tech/EU-VRi establishes and implements documented plans and procedures that describe the processes and the controls required for the provision of services in awareness to the objectives, the potential for planned or unintended change, and the risks and opportunities.

The relevant entries can be found under the following links:

MANL: Product Realization and Quality Function Description

MANL: Project Realization

Chapter III. Instructions and Procedures, as pertaining to the relevant task.

 
   
 
 
8.2 Requirements for products and services
 
 

Customer communication 

In accordance with our commitment to exceed our customer’s expectations, R-Tech/EU-VRi highlights effective customer communication as an essential element of delivering customer satisfaction. Appropriate handling of customer communication helps to reduce customer dissatisfaction and in many cases turn a dissatisfying scenario into a satisfying experience. Customer communication occurs through the following formats, events and processes:

1.Leaflets,  brochures, specifications or technical data sheets relating to our projects, products and services

2. Inquiries, quotations and order forms, invoices and credit notes

3. Confirmation of authorized orders and amended orders

4. E-mails, letters and general correspondence

5. Customer feedback and complaints management process

 

The relevant entries can be found under the following links:

Leadership and commitment

PROC-ENG: Customer-Related Processes

How to and how NOT to communicate to our customers/clients/partners/guests

PROC-GP: Dealing with Customer Property

Customer Satisfaction Feedback

 

Determining the requirements for products and services

R-Tech/EU-VRi develops appropriate requirements to ensure that we satisfy the needs and expectations of our customers or relevant interested parties. R-Tech/EU-VRi ensures that customer requirements are clearly articulated and that their requirements are captured and understood before the acceptance of an order.

Customer requirements include the following:

1. Previous customer requirements

2. Statutory and regulatory requirements related to the product

3. Other non-customer specified performance requirements

4. Any additional requirements determined by R-Tech/EU-VRi

 

The relevant entries can be found under the following link:

MANL: Product Realization and Quality Function Description

 

Review of the requirements for products and services

R-Tech/EU-VRi takes steps to ensure that its customers' and its own requirements to satisfy the needs and expectations of the customers or relevant interested parties. Aside from developing well articulated requirements (per article 8.1), R-Tech/EU-VRi reviews those requirements before commencement of work and during the product realization within its project management cycle.

The relevant entries can be found under the following links:

Project realization 

Product Realization and Quality Function Description

Measurements, Analysis & Improvement

Corrective and Preventive Measures

Project management

QMS Record Management

Checklists

Walter (document repository)

 

 
   
 
 
8.3 Design and development of products and services
 
 

Design and development planning

 R-Tech/EU-VRi plans and controls the design and development of products and manages the interfaces between different groups involved to ensure communication by determining:

  • the design and development stages
  • the review, verification and validation that are appropriate to each design and development stage
  • the responsibilities and authorities for design and development

Planning output is updated as the design and development progresses.

 

Design and development inputs

R-Tech/EU-VRi determines inputs relating to product design and development to include:

  • functional and performance requirements
  • applicable statutory and regulatory requirements
  • where applicable, information derived from previous similar designs
  • other requirements essential for design and development

These inputs are reviewed for adequacy and are complete, unambiguous and do not conflict.

 

Design and development controls

R-Tech/EU-VRi performs systematic reviews of design and development in accordance with planned arrangements to:

  • evaluate the ability of the results of design and development to meet requirements
  • identify and problems and propose necessary actions
Reviews include representatives of functions concerned with the design and development stages being reviewed and records of the results and necessary actions are maintained.

R-Tech/EU-VRi performs verification of design and development in accordance with planned arrangements to ensure that the design and development outputs have met the design and development input requirements. Records of the results of the verification and necessary actions are maintained.

 

Design and Development Validation

R-Tech/EU-VRi performs validation of design and development in accordance with planned arrangements to ensure that the resulting product is capable of meeting the requirements for the known or specified application, (intended use).Design and development validation is completed prior to delivery unless otherwise specified. Records of the results of validation and necessary actions are maintained.

 

Design and development outputs
R-Tech/EU-VRi provides the outputs in a form that enables verification against the design and development input, which are approved prior to release.
These design and development outputs shall:
  • meet the input requirements for design and development
  • provide appropriate information for purchasing, production and for service provision
  • contain of reference product acceptance criteria
  • specify the characteristics of the product that are essential for its safe and proper use.

 

Design and development changes

R-Tech/EU-VRi identifies design and development changes, and records are maintained. The changes are reviewed, verified and validated as appropriate and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on constituent parts and products already delivered. 

Records of the results of changes and any necessary actions are maintained.

 

PROC-ENG: Design and Development

 
   
 
 
8.4 Control of externally provided processes, products and services
 
 

R-Tech/EU-VRi develops and maintains its services and products with some minor reliance on external providers; these are chosen and evaluated through the purchasing process.

 

Purchasing
The quality of finished software, products, services and ultimately the customer’s satisfaction depends on procured materials and sub-assemblies. Effective supplier selection, procurement, measurement, supplier rating reports, and joint R-Tech/EU-VRi/supplier efforts are essential to providing high quality software, products and services. Documented Purchasing procedures are in place to facilitate these activities. 

R-Tech/EU-VRi suppliers are evaluated per documented procedures.
Purchase Orders (POs) are placed using R-Tech/EU-VRi assigned released part numbers that are unique to the specific part. Purchase Orders include the applicable Quality System to be applied including all contract requirements. The supplier has the responsibility for ensuring that purchased products meet R-Tech/EU-VRi specifications for quality. 
All purchased material is confirmed to meet required specifications.

 

Analysis of Data
Data and information recorded in quality records are compiled and analyzed periodically to determine trends in the performance and effectiveness of the quality system and to identify opportunities for improvement Some data utilized in this process comes from, but is not limited to, the following:

 

QMS: Evaluation of suppliers

QMS-CHK14: Checklist Qualified Suppliers

 

 

 
   
 
 
8.5 Production and service provision
 
 

R-Tech/EU-VRi reviews the processes needed for Product Realization in accordance with the requirements of other processes of the Quality Management System.
The following is determined with output provided in a form according to standard methods of operation:

  • quality objectives and requirements for the product
  • the need to establish processes, documents, and provide resources specific to the product
  • the required verification, validation, monitoring, inspection and test activities specific to the product and the criteria for product acceptance
  • records needed to provide evidence that the realization processes and resulting product meet necessary requirements

 

Control of production and service provision

R-Tech/EU-VRi establishes and maintains production and service provision under controlled conditions to include the following:

  • the availability of information that describes the characteristics of the product
  • the availability of work instructions, as necessary
  • the use of suitable equipment
  • the availability of monitoring and measuring devices
  • the implementation of monitoring and measurement
  • the implementation of release, delivery and post-delivery activities

 

Identification and traceability

R-Tech/EU-VRi establishes, implements and maintains the appropriate documented procedures for Product Identification and Traceability, during all stages of product realization.

The PM is responsible for Product Identification and Traceability. Products are identified during all stages of production.
 
Traceability is provided to the extent that internal and external requirements and/or contracts specify. Traceability records are maintained for items requiring traceability.

  

Property belonging to customers or external providers

R-Tech/EU-VRi establishes, implements and maintains documented procedures for the verification of products/materials provided by the customer for incorporation into finished goods.

Acceptable customer supplied material is stored and maintained to prevent damage, deterioration or loss. The CEO is responsible for the control of Customer-Supplied property and documents damage to such and reports it to the customer.

 

Validation of Processes for Production and Service Provision

R-Tech/EU-VRi validates processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement, to include processes where deficiencies become apparent only after the product is in use or the service has been delivered. The validation shall demonstrate the ability of these processes to achieve planned results.

R-Tech/EU-VRi establishes arrangements for these processes including:

  • defined criteria for review and approval of the processes
  • approval of equipment and qualification of personnel
  • use of specific methods and procedures
  • requirements for procedures
  • re-validation 

 

Preservation

PM's follow the project and product realization procedures which dictates how to document all requirements, assessments and feedback on the file server and Walter.

PROC-GP: Document Management

How to manage documents in the server WALTER 

 

Post-delivery activities

Focusing on customer satisfaction and feedback; please refer to the corresponding chapter.

 

Control of changes

R-Tech/EU-VRi identifies design and development changes, and records are maintained. The changes are reviewed, verified and validated as appropriate and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on constituent parts and products already delivered.

 

Records of the results of changes and any necessary actions are maintained.

 
   
 
 
8.6 Release of products and services
 
 

Product
R-Tech/EU-VRi implements inspection and test points to ensure product requirements are met. PM work from detailed work procedures. Records are maintained on all inspection and testing activities.

R-Tech/EU-VRi performs functional and final testing according to the test planning procedureInspection and test records are recorded by the performing function and maintained electronically on the R-Tech/EU-VRi internal network. Records include, but are not limited to: product identification, quantity of product inspected, inspection procedures followed, person performing the test and inspection, date of inspection and/or test, number, type, and severity of defects found.
Product requalification / retesting of released product is accomplished by QMG on a periodic basis. “Retesting” is conducted in a more robust environment than the original acceptance test.

 

Release Management
The product schedules and status information is communicated to the customer in advance. This information aids the customer in planning for upcoming product releases.

 

Changes
Any changes to released documentation require approval of the responsible PM and the QMG, as a minimum. Design Engineering ensures that fixes to problems are incorporated into future designs. Records of the results and review of changes are maintained by the Document Control department. Documented procedures are established to define change processes and for informing customers of changes that affect contractual commitments.

 

Patching Procedures and Patch Documentation

R-Tech/EU-VRi software products utilize patching to distribute software releases only in exceptional cases. Therefore, Patching Procedures and Patch Documentation do not apply.

 
   
 
 
8.7 Control of nonconforming outputs
 
 

Nonconforming products are identified and controlled using procedure Control of nonconforming product which defines activities and responsibilities for dealing with nonconforming product. 

The analysis of detected nonconformity is conducted in order to define the measure to eliminate the nonconformity. Nonconformity can be resolved by repairing and in some cases by using non-conforming product but under concession (to be agreed with the customer or authorities if applicable).

Repaired product (e.g. software) is subjected to the re-verification procedure as defined by product realization procedure and test planning before delivery take place.

If nonconforming product can not be repaired or used as it is, it is marked as non-conforming.

Records related to the nature of the nonconformity and actions taken are maintained.

 

Related Documents: