Become a Marketing Hero

Irresistible website designs and kickass marketing programs that deliver results

Learn More

What is Clause 8 Operation in ISO 9001:2015?

Strap yourself in as we take a deep dive into Clause 8 Operation and how to meet the requirements for your ISO 9001:2015 management system.

In this article, Auditor Training Online's director and triple certified real-world auditor, Jackie Stapleton sits down and explains the importance of Clause 8 to your ISO 9001:2015 Management Systems.

No more guessing or confusion! 


What is Clause 8 Operation talking about in ISO 9001 in general? This article is more about the broad intent or context of Clause 8 in an ISO 9001L2015 management system.

Clause 8 refers to Operation, so when I see this, it helps me to understand that “Right – now we’re at the stage of implementing stuff”. We’ve done all the planning, set some objectives, understand what resources we need, now let’s do it!

Clause 8 in ISO 9001 has a lot of content broken down into 7 subclauses with even more break down under that. I’m going to briefly explain the intent of each of these subclauses, I’m not going to get into the detail of the how and what it looks like for each. If you need this detail keep an eye out for the specific content and articles for each of these subclauses where I go into specifics.

Ok, let’s get moving through these subclauses then.

First up we have clause 8.1 Operational planning and control, and as it states it is all about planning and control at an operational level. This clause wants you to plan, implement and control the processes needed to manage the risks and opportunities as a result of what you discovered in clause 4 Context and clause 6 Planning. Now it’s time to plan how you will implement these actions and really get down to the product and service level of the business and system.

This then leads into clause 8.2 Requirements for products and services. Now you can establish your processes for how and what you will communicate to and from your customers, really define the requirements for your products and services so that you can clearly communicate to your customers what you can provide and ensure that what you say you can provide actually meets what the customer has requested.

If you are responsible for the design and development of your product or service, then clause 8.3 Design and development of products and services will be relevant to your business. For example, here at Auditor Training Online, we design and develop our own course content – we don’t buy it off-the-shelf, so we would need to conform to this clause. Some businesses may find that this clause is not applicable to what they do and therefore can state this as part of their scope. Clause 8.3 then walks you through the requirements of planning, inputs, controls, outputs, and management of change – the complete cycle of design and development.

Clause 8.4 Control of externally provided processes, products, and services is very detailed in its requirements for the control of any processes, products, and services that are being delivered by external parties – so anything that you outsource or have contractors provide. This clause talks about the criteria you need to determine when selecting and evaluating external providers, the type and extent of control needed as well as the information to provide to these external providers. I love this clause and if you do have an integrated management system, you would benefit from applying these requirements across all systems.

Ok, moving right along to clause 8.5 Production and service provision. Now, I know I’ve said that all of clause 8 is about implementation but this clause is REALLY about implementation. You can see it in the language that is used. They say things like:

> The implementation of monitoring and measurement activities

> The use of suitable infrastructure

> The appointment of competent persons

And so on … this is all stated in the first section of 8.5.1, then this is broken down into 5 more subclauses – I told you there was a LOT of content here! You may also find that some of these subclauses may not be applicable to what your activities, products, and services are. These do tend to be very product-focused.

These 5 subclauses are:

> 8.5.2 Identification and traceability – so when traceability is a requirement it’s important to note unique identification of any outputs of your product, service, or activities. For us here at ATOL this would be student id numbers as well as certificate numbers.

> Then clause 8.5.3 Property belonging to customers or external providers is all about if you do collect customer property to conduct your work, then this needs to be looked after – not lost or damaged. While in your care it is to be maintained, which might mean ensuring it is stored correctly and even safely to prevent access from unauthorised users.

> This is then followed by clause 8.5.4 Preservation – preservation during production and service provision can mean anything to do with identification (which is already in clause 8.5.2), handling, contamination control, packaging, storage, transportation and general protection.

> Clause 8.5.5 Post-delivery activities is what you need to consider once you have delivered or finalised your product – it is now handed over into your customers' possession. Is there anything that you also need to consider for post-delivery? This could be training, legal requirements, or storage and handling requirements of the product. Is there anything you need to pass on to the customer to ensure this is managed and controlled?

> Then finally clause 8.5.6 Control of changes – this pretty much means that if any of the above changes, does your product still conform with requirements? Do you have to go back to the beginning again to ensure identification, preservation, and post-delivery activities are maintained?

Then we can move on to clause 8.6 Release of products and services. There does need to be a process in place to authorise the release of a finished product or service. This should be documented with evidence showing conformity of the product to requirements and who authorised the release. Much like we do here at ATOL when releasing new course content – this is always reviewed and approved (or not) by myself prior to release and we have evidence of this in our project management program.

The final clause in all of clause 8, is 8.7 Control of nonconforming outputs. This means that even after all of our hard work to put in place processes to prevent things from going wrong, sometimes they still do occur. These are referred to as nonconformances.

This clause gives us options on how to deal with nonconformances such as fixing it, quarantining the product if it shouldn’t be used, letting the customer know where required and even being able to still provide the product if the customer says it’s ok.

Of course, what option you take all depends on the type of product or service you deliver. We wouldn’t still provide a product to a customer if it doesn’t meet their requirements, or it could cause harm.

This concludes clause 8 for ISO 9001, so I do hope that this gives you a high-level idea of what clause 8’s intent is in ISO 9001 without too many nitty-gritty details.