ISO 9001 Process Control – Verification and Post-Delivery
This article applies two key ISO 9001 process control clauses and specifically addresses clauses 8.5.5 (Post-Delivery Activities) and 8.6 (Release of Products and Services). The processes associated with these requirements will vary greatly from company to company depending on the nature of the organization, the products or services provided, the industry in which the company operates, risks present in products, services, and processes, etc. Each organization will need to consider each clause and determine the processes and actions needed to adequately satisfy the ISO requirements.
Verification and Release of Products and Services
First, let’s look at clause 8.6 which defines the requirements for inspection, test, and verification of products during production and prior to final release for shipment and/or delivery to customers. While the requirements as stated in the ISO 9001 standard are rather short, there is much to consider and unpack here, as these are critical to demonstrating product and service conformance. In simple terms ISO wants you to check and approve your work before sending it to customers, while verifying that it products and services meet pre-determined specifications and custom expectations.
Let’s break down each of the key ISO 9001 process control requirements:
First off, the requirements state that your verification activities must be planned. As with many of the ISO requirements, you need to plan prior to doing, checking, or acting (remember the PDCA cycle from our previous article – ISO 9001 Process Approach). Planning can be completed through established documented information such as procedures, work instructions, work orders, or other production documentation. Note that planning activities aren’t required to be document by ISO 9001, but would you really want to leave such important information to tribal knowledge?
Plans should probably define the follow as applicable:
- What is to be verified;
- How verification is to be completed (if not obvious);
- When or where in the process verification happens;
- Who completes the verification activities;
- What monitoring and measuring activity is to be completed;
- The monitoring and measuring equipment to be used;
- What the acceptance criteria is;
- What information or data needs to be retained and how it should be captured;
- Actions to take for both conforming and nonconforming outputs of the verification process.
Depending on the complexity of your processes and the products, you may need to complete verification activities at different points in the production process. Simpler products may only need to complete one verification check prior to shipment. You will need to review your processes and determine the best opportunities to verify conformance. While verification adds complexity and cost to your production process, waiting to the end of production to find nonconforming product that could have been identified much earlier is also costly, not only in dollars, but time and resources also.
Requirements Have Been Met:
Your verification activities will need to establish that process outputs have been achieved. What exactly those requirements or criteria are is entirely up to you. Higher complexity processes, products, and services will most likely require more verification, measurement, and testing than simpler ones. Also consider the potential risk to the customer and possible failure modes when deciding what needs to be checked and verified. Verification of a chainsaw will probably require significantly more effort than verification of a toy slinky. Many organizations, based on results of design reviews, FMEA (Failure Mode and Effects Analysis), and risk assessments, identify key or critical product characteristics or attributes to be verified. These are often highlighted or noted in engineering drawings, prints, or specifications. Consider how you will identify the critical aspects of your product or service to be verified throughout production and prior to release.
Release to Customer:
ISO states that you cannot release products or services to customers until your planned verification requirements have been successfully completed. However, with that said, ISO also allows you to bypass your release verification given the appropriate approval (release by concession). Approval should be granted by the proper management authority within your organization. You should also consider the need to notify the custom about the concession and obtain approvals when needed, especially if the product or service knowingly doesn’t meet one or more specifications or requirements. Be sure to document the concession and release approvals, both internal and by the customer.
Retained Documented Information:
ISO mandates that you retain records of verification activities and release of products and services. Specifically, you must keep records of the results of the verification demonstrating that product meets established specifications and/or acceptance criteria, along with identification of the person authorizing the release. Make sure that results clearly indicate whether the product or service passed or failed the verification effort. Capture measurements if applicable or describe observations if the verification is simply a sensory check. The person authorizing the release may or may not be the actual person performing the verification work. Authorization is most likely a set of initials or signature of the person providing the authorization. As long as it is clear who the person is, you should be in good shape. Don’t forget to document any concessions granted and associated approvals.
Delivery and Post-Delivery Activities (Clause 8.5.5)
The ISO 9001 process control activities for post-delivery activities may be minimal for some organizations and significant for others. While one company may only have basic shipping requirements, others may need to ship, install, maintain, and service complex and critical equipment over long product life-cycles. Note that delivery isn’t part of the ISO requirements for this clause, however, we added delivery to this lesson rather than lump it under one of the other production processes. You are free move delivery to any other applicable process and procedure.
Some of these requirements under ISO 9001 – 8.5.5 (requirements a, b, & c) are a little unusual and rarely apply to most organizations. With that said, consider how laws and regulations might impact the need for post-delivery actions by your organization. Are there possible ways your product might be misused or negatively impact customers? Consider the overall life-cycle of your product or service and the way it is used. Again, are there delivery or post-delivery actions that might help mitigate these issues. As you develop your processes for this lesson, look at ways your product or service is used, along with the entire life-cycle, to determine possible post-delivery actions to be taken.
Alright, now on to the real requirements in this clause. In most cases, you will be well aware of your customer’s delivery and post-delivery needs and probably already have well-established processes to address these requirements. Review what your already do and make any needed modifications or improvements to be compliant to ISO 9001.
Delivery should focus on how you move products from your location to end customers or how you deliver and provide your services. Make sure that shipping and transportation providers are evaluated and approved per your External Provider process (see ISO 9001 Control of External Providers). If you have special shipping requirements (fragile products, refrigeration, humidity control, etc.) make sure appropriate controls are established for those needs. You may also need to obtain records from the transportation provider as proof that controls where maintained during shipment.
Post-delivery may encompass things such as installation, maintenance, warranty, service, repair, refurbishment, validation, or any other activity offered by your organization or required by the customer. These are generally defined in the original customer order and should be reviewed, understood, and accepted during the Requirements for Products and Services (Customer Order Management) process (see ISO 9001 Operational Planning and Control). These requirements are often agreed to in some type of contractual service agreement. However they are documented, they should be defined and agreed to prior to accepting the customer order.
The final requirement under this clause states that you should consider feedback from customers when determining possible post-delivery requirements. Review feedback for new opportunities to better serve customers with post-delivery services and incorporate these new activities into your processes.
The key takeaway is that appropriate verification checks should be implemented throughout your operational processes to ensure products and services meet established specifications and satisfy customer expectations. Also, don’t forget to establish key processes for shipment, delivery, installation, setup, and servicing of your products and services. Where needed, be sure to capture and retain appropriate documentation.