Transition from ISO 9001:2000 to ISO 9001:2008

Transition from ISO 9001:2000 to ISO 9001:2008

This reference guide was developed to help you understand the nature of the changes to theISO 9001 standard.

Clause Change/Emphasis Not Auditable

0.1 General – Added language emphasizing statutory and regulatory requirements are a concern as it relates to products for this international standard.

0.4 Compatibility with Other Management Systems Standards - Emphasis was added on the consideration given to ISO 14001:2004 to ensure that the standards are compatible.

1.1 General

1.2 Application – “Statutory” was added in certain paragraphs to ensure the user is aware that these requirements must be taken into consideration. Additional notes were added to explain that where the word “product” appears, it refers to every stage of its existence, from raw material received to the final product being shipped to the customer.

2. Normative Reference – Reference to ISO 9000 (vocabulary and concepts) was updated to refer to the current revision (i.e. ISO 9000:2005).

3. Terms and Definitions – The supplier/organization/customer model was removed. These relationships, in reality, are not always linears.

The Auditable Requirements
Clause Change/Emphasis
4.1
In 4.1 a, “identify” was replaced with “determine” to emphasize that an organization must give careful consideration to what processes are needed in order to fulfill requirements.
A link is drawn to 7.4 in the additional note. This was done to show that the supplier approval, evaluation, and re-evaluation process is where evidence of controlled outsourced processes should be demonstrated.
4.2.1
References to records and documents were consolidated.
Also, the organization can require records not specified in this international standard that are created and maintained.
4.2.3
Clarification is given to the requirement for outsourced documents. Only those needed for the planning and operation of the QMS need to be controlled. This could exclude documents related to occupational health and safety since ISO 9001 contains requirements only concerned with product (see 0.1).
4.2.4
Rephrased, but no additional clarifications or emphasis added. Editorial change only.
5.5.2
The management representative must be from the organization’s management. This would exclude consultants and other individuals external to the organization (e.g. a management representative from the corporate entity). The purpose of this is to ensure that this individual, entrusted with the responsibilities of championing the quality management system, is not “out of touch” with the organization.
6.2.1
The boundaries of competence only extend to individuals who impact product conformity. However, this does not just include those who are directly involved in production. The decisions made by management affect product conformity; therefore, they must be competent as well.

6.2.2
If said personnel have not yet attained the competence needed to perform the assigned job, then the organization must provide training or some other remedy to ensure that competence is achieved. The organization must also have a mechanism to ensure that personnel have been evaluated based on how well they demonstrate their knowledge and skill (i.e. competence). It is not enough to merely provide training or consider an individual’s experience. The organization must prove to itself that this person can, in fact, perform.
6.3
Infrastructure also includes databases and information technology.
6.4
Emphasis is added in a note to highlight that the concept of “work environment” only extends to product quality.
7.1 c
“Measurement” is added.
7.2.1
“Post-delivery activity” is clarified in a note with examples.
7.3.1
A note emphasizes that design verification, validation, and review are different from one another and serve different purposes. Design review is where the organization evaluates if the design can meet requirements and if any changes need to be made. Design verification is where the organization has ensured that requirements have been met (e.g. is the widget blue and is it hexagonal?). Design validation is where the organization proves that the design can perform as required.
However, the records of design verification, validation, and review do not have to be separate.
7.3.3
Production and service provisions also extend to how product is preserved, handled, etc., to ensure product conformity. See 7.5.1
Design outputs must include requirements related to preservation. See 7.5.5.

7.5.2
Notes were added to give examples of the types of processes where this requirement would apply along with a statement that service organizations should have additional considerations in the planning stages when deficiencies and conformity are not likely to be identified prior to delivery.
7.5.3
Product status must be identified throughout product realization, not just the final product. See 1.2.
7.5.4
Wording was modified to add clarity, but the intent of the requirement has not changed.
7.5.5
Again, emphasis is added that care must be given to preserving the product regardless of where it falls in the realization process.
7.6
An obsolete reference to another ISO document was replaced.
The definition of “monitoring and measuring devices” has been clarified to include equipment and devices that are purposed for monitoring and measuring, regardless of their original or intended purpose.
An additional note regarding software was added.
8.2.2
Document and record requirements were reworded and their placement modified to improve clarity.
The reference to the auditing guidance document was updated (i.e. ISO 19011).

8.2.3
Wording was modified to emphasize that correction and corrective actions are not only to be taken to preserve the conformity of the product, but also to preserve the quality management system. For example, internal rejection/scrap rates could show evidence that the organization is preserving product conformity and is taking intermediate action to prevent bad product from being shipped to their customers; however, it could also be a sign that the organization is not efficient since the higher rejection/scrap rates are undesirable.
A note was added to clarify the meaning of “suitable methods” related to planning, monitoring and measurement processes. Suitability should be determined based on risk and the impact that nonconformity would have on the product or process.
8.2.4
Product can be released to other internal processes despite planned arrangements not being satisfactorily completed as long as it conforms prior to release to the customer. This relaxes requirements on intermediate inspection results and records.
8.3
Actions taken against nonconforming product must be proportional to its impact or potential impact. See 8.2.3 related to impact considerations for monitoring and measurement.
This would mean that in the planning stages of a product, the organization needs to customize responses to nonconforming products based on the risk or potential risk to the organization.
This requirement existed in ISO 9001:2000; however, its location has changed.

8.5.2
Nonconformity can have multiple causes (“cause”; i.e. a singular reason, was used in the 2000 version); therefore, the organization must consider this when conducting root cause analysis.
Also, it is not enough to simply review corrective action and ensure that procedures were changed, personnel have been re-trained, and that processes were amended. The organization must review whether or not the action(s) taken were effective; i.e. did they successfully eliminate the nonconforming condition?
8.5.3
Similar to the new emphasis on the effectiveness of corrective action, the organization must also document whether or not the preventive action(s) taken were effective in eliminating the risk of nonconformity.