All you need to know…Operations – Clause 8 of ISO 9001:2015

Seven changes you may not have noticed in this revision of ISO 9001…

One of the exercises we use in our Auditor Training is ‘Where’s Waldo?’ Participants look through the new version of ISO 9001 and try to spot where the Standard has changed. These will be part of your ‘how to..’ information so you know where to tweak your current system, if necessary.

Here are some of the results:

Change #1

8.1 – Operational planning now requires us to ‘…implement the actions determined in Clause 6…’. You are probably doing this when you determine customer requirements and review your capability to meet them (8.2.2, 8.2.3). This is part of the new emphasis on risk management and change control.

There’s a new requirement that was implied before – ‘…ensure that outsourced processes are controlled…’. You may be covering this off already in Purchasing when you monitor the performance of your ‘external providers’ (8.4.1, paragraph 3)

Change #2

Customer communication (8.2.1) now includes ‘…handling or controlling customer property…’ and adds a requirement for contingency plans – also related to risk. It’s everywhere, and it will help you avoid hiccups. You may have this covered in Customer Property – ISO 9001:2008, 7.5.4 except for the contingency piece.

Change #3

In design, there’s been a subtle but important change in language around reviews – 8.3.4 requires that provide controls to ensure that ‘…the results to be achieved are defined…’ Auditors will be shifting their focus from ‘Did you follow this procedure?’ to ‘Does this procedure help you get the results that you want?’ This new approach is outlined here in this IRCA paper on Next Generation Auditing

Change #4

The word ‘Process’ has been added to Purchasing. Shouldn’t have an impact on how you do it, but it may result in a change to your vendor list, if you have one. There may be suppliers you’ll want to monitor that were under your radar before. There’s also some new wording around supplier controls: consider ‘…the effectiveness of the controls applied by the external provider…’ (8.4.2, c 2). You may want to add this to your supplier evaluation method.

Change #5

In Production and Service Provision, if you haven’t seen this, there’s a new requirement to include ‘…actions to prevent human error…’ (8.5.1 g). This can be done through communication, competence, engagement – all kinds of ways that you’re likely doing now. Study the workflow to see where errors could happen and do something to prevent them. Another example of risk awareness and preventive action.

Any changes to processes need to be controlled and retained as documented information – this is more detailed now, but the method you’re already using may just do the trick (8.5.6).

Change #6

In Performance Evaluation, there’s a new requirement to ‘…determine when the results from monitoring and measurement shall be analysed and evaluated…’ (9.1.1 d). We’ve had monitoring and measurement since Day 1, but this extra detail might get us re-considering what we’re measuring and make sure that we actually use the results! John Seddon, Vanguard advises us to measure in these 4 areas: Customer, Capability, Process and System. Good advice.

Management review has added a new input to look at: ‘…the effectiveness of actions taken to address risks an opportunities…’ (9.3.2 e). This appears in the list of things to analyse and evaluate (9.1.3)

Change #7

The bombshell: Preventive Action as a specific requirement has been removed – but I’m sure you know this already. Now, we’ll use the entire Management System as our Preventive Action tool, especially the risk and opportunity activities.

So there you have it – 7 things you may not have seen so far in your journey of discovery. If there are changes that affect you that are not listed here, feel free to use the comment box, or send me a note at


To find out if your ISO life can be simpler…

[separator icon=”icon-chevron-down” hex_color=”a1a1a1″]

Here’s the link to our Youtube channel: