1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Clause 8.1 - Operational Planning and Control

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Matthew Jeffery, Jul 8, 2020.

  1. Matthew Jeffery

    Matthew Jeffery New Member

    Joined:
    Jul 8, 2020
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Hi,
    My company are currently ISO 27001 accredited and in the process of implementing 9001. As part of this process we have produced a very comprehensive Integrated Quality Manual. An area though that I am slightly confused with is Section 8 - Operational planning and control. Is it necessary to produce a stand along document for this section, or should the manual suffice? Any help would be greatly appreciated.
    Thank you.
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    4,554
    Likes Received:
    2,289
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hi Matthew and welcome.

    Firstly, let's get the terminology sorted out - organizations are "certified" to ISO 27001 and ISO 9001, not accredited (which is something entirely different).

    You don't say what your ISO 9001 certification applies to - the scope - for us to make any meaningful comment. Since ISO 27001 is information security (ISMS) and ISO 9001 (QMS) is product quality, what does the QMS apply to?
     
    John C. Abnet likes this.
  3. Matthew Jeffery

    Matthew Jeffery New Member

    Joined:
    Jul 8, 2020
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Hi Andy,
    Apologies for the incorrect terminology, the companies I have worked in have always phrased it as accredited.

    We are a SaaS company that provides software to Pharmaceutical companies. In order to work with our clients we are expected to be certified to ISO 9001. Due to the data we hold we had to also ensure we were certified to ISO 27001.

    Does that help with the background to the help I was after? Appreciate any advice you can provide. Thanks
     
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    4,554
    Likes Received:
    2,289
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    No problem. As we know, many words are used by some folks without knowing their meaning!

    So, this helps a bunch. SaaS fits nicely into section 8.0 of ISO 9001. In very general terms, the requirements of this section are the core processes which take customer inputs and turn them into deliverables. Planning, quoting/contract management, service design/delivery, control of non-conforming service and so on. It's likely that you'll need a SaaS-savvy guide to walk you through the practical application of the manufacturing-biased terminology to suit your needs, however, or you run the risk of artificially applying requirements which can cause problems in implementation then auditing. You'll also want to choose your Certification Auditor very carefully!
     
    Parag Kumar likes this.
  5. Matthew Jeffery

    Matthew Jeffery New Member

    Joined:
    Jul 8, 2020
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Thanks for that summary of what is expected as part of that section. Am I right in that I do not necessarily need a single document to cover this? In fact a number of SOPs that detail those specific tasks alongside the quality manual which discusses in broad terms how we demonstrate compliance for section 8 should be sufficient?

    Sorry for the number of questions, think I have just hit a wall in document writing!
     
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    4,554
    Likes Received:
    2,289
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kinda, sorta. Certainly not one document - although you do have to describe the "sequence and interaction", inputs, outputs expected etc.

    I'm not sure about "SOPs", because the standard leaves that up to you! How you define/document a process is optional. Probably don't need 8, either
     
  7. Matthew Jeffery

    Matthew Jeffery New Member

    Joined:
    Jul 8, 2020
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    1
    Andy, thank you for your time today. I think I have a better idea on what is required, appreciate your input.
     
    Andy Nichols likes this.
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    4,554
    Likes Received:
    2,289
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    You are welcome!
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    4,554
    Likes Received:
    2,289
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    A quick thought: Has your management ever considered ISO 20,000? It's a better fit for what you do than ISO 9001. I'd imagine a Pharma company not knowing that! Hence why they push ISO 9001 at you. ISO 20000 is much more applicable, and should yield a better management system.
     
  10. Guy Léger

    Guy Léger Member

    Joined:
    Mar 24, 2020
    Messages:
    29
    Likes Received:
    1
    Trophy Points:
    2
    Location:
    Chelyabinsk
    Hello @Matthew Jeffery, sorry if I am late at this topic but I would just like to give supplement information...
    I think according to clause 8. of ISO 9001:2015, the documented information required can be yes a "quality manual" with a "quality plan (ISO 10005:2005)".
    Sorry again for answering late