- 註冊時間
- 2012-1-6
- 積分
- 8440
- 精華
- 0
- 帖子
- 1525
- 閱讀權限
- 100
- 最後登錄
- 2024-12-11
- UID
- 5
- 帖子
- 1525
- 主題
- 739
- 記錄
- 1
- 分享
- 0
- 日誌
- 213
- 閱讀權限
- 100
- 最後登錄
- 2024-12-11
- 在線時間
- 2326 小時
|
8. 運作(operation)
本帖最後由 hlperng 於 2014-11-19 12:46 編輯
第8章「運作」,是 Annex SL 允許每一種管理系統依其特性自行發揮的章節。Annex SL只規定8.1節的內容,第8.2節至8.7是ISO 9001:2015新增部分。
8 Operation
8.1 Operational planning and control
The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in 6.1, by:
a) determining requirements for the products and services;
b) establishing criteria for the processes and for the acceptance of products and services;
c) determining the resources needed to achieve conformity to product and service requirements;
d) implementing control of the processes in accordance with the criteria;
e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements.
The output of this planning shall be suitable for the organization’s operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
The organization shall ensure that outsourced processes are controlled in accordance with 8.4.
8.2 Determination of requirements for products and services
8.2.1 Customer communication
The organization shall establish the processes for communicating with customers in relation to:
a) information relating to products and services;
b) enquiries, contracts or order handling, including changes;
c) obtaining customer views and perceptions, including customer complaints;
d) the handling or treatment of customer property; if applicable;
e) specific requirements for contingency actions, when relevant.
8.2.2 Determination of requirements related to products and services
The organization shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to potential customers.
The organization shall ensure that:
a) product and service requirements (including those considered necessary by the organization), and applicable statutory and regulatory requirements, are defined;
b) it has the ability to meet the defined requirements and substantiate the claims for the products and services it offeres.
8.2.3 Review of requirements related to products and services
The organization shall review, as applicable:
a) requirements specified by the customer, including the requirements for delivary and post-delivery activities;
b) requirements not stated by the customer, but necessary for the customers’ specified or intended use, when know;
c) additional statutory and requlatory requirements applicable to the products and services;
d) contract or order requirements differing from those previously expressed.
NOTE. Requirements can also include those arising from relevant interested parties.
This review shall be conducted prior to the organization’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.
Where the customer does not provide a documented statement of their requirements, the cutomer requirements shall be confirmed by the organization before acceptance.
Documented information describing the results of the review, including any new or changed requirements for the products and services, shall be retained.
Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements.
8.3 Design and development of products and services
8.3.1 General
Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and development process.
NOTE 1. The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision.
NOTE 2. For services, design and development planning can address the whole service delivery process. The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 together.
8.3.2 Design and development planning
In determining the stages and controls for design and development, the organization shall consider:
a) the nature, duration and complexity of the design and development activities;
b) requirements that specify particular process stages, including applicable design and development reviews;
c) the required design and development verification and validation;
d) the responsibilities and authorities involved in the design and development process;
e) the need to control interfaces between individuals and parties involved in the design and development process;
f) the need for involvement of customer and user groups in the design and development process;
g) the necessary documented information to confirm that design and development requirements have been met.
8.3.3 Design and development inputs
The organization shall determine:
a) requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements;
b) applicable statutory and regulatory requirements;
c) standards or codes of practice that the organization has committed to implements;
d) internal and external resource needs for the design and development of products and services;
e) the potential consequences of failure due to the nature of the products and services;
f) the level of control expected of the design and development process by customers and other relevant interested parties.
Inputs shall be adequate for design and development purposes, complete, and unambiguous. Conflicts among inputs shall be resolved.
8.3.4 Design and development controls
The controls applied to the design and development process shall ensure that:
a) the results to be achieved by the design and development activities are clearly defined;
b) design and development reviews are conducted as planned;
c) verification is conducted to ensure that the design and development outputs have met the design and development input requirements;
d) validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known).
8.3.5 Design and development outputs
The organization shall ensure that design and development outputs:
a) meet the input requirements for design and development;
b) are adequate for the subsequent processes for the provision of products and services;
c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable;
d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
The organization shall retain the documented information resulting from the design and development process.
8.3.6 Design and development changes
The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.
Documented information on design and development changes shall be retained.
8.4 Control of external provided products and services
8.4.1 General
The organization shall ensure that externally provided processes, products, and services conform to specified requirements.
The organization shall apply the specified requirements for the control of externally provided products and services when:
a) products and services are provided by external providers for incorporaton into the organization’s own products and services;
b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.
The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements.
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.
8.4.2 Type and extent of control of external provision
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organization shall take into consideration:
a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;
b) the perceived effectiveness of controls applied by the external provider.
The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.
Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output.
8.4.3 Information for external providers
The organization shall communicate to external providers applicable requirements for the following:
a) the products and services to be provided or the processes to be performed on behalf of the organization;
b) approval or release of products and services, methods, processes or equipment;
c) competence of personnel, including necessary qualification;
d) their interactions with the organization’s quality management system;
e) the control and monitoring of the external provider’s performance to be applied by the organization;
f) verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
The organization shall ensure the adequacy of specified requirements prior to their communication to the external provider.
8.5 Production and service operation
8.5.1 Control of production and service provision
The organization shall implement controlled conditions for procedures for production and service provision, including delivery and post-delivery activities.
Controlled conditions shall include, as applicable:
a) the availability of documented information that defines the characteristics of the products and services;
b) the availability of documented information that defines the activities to be performed and the results to be achieved;
c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met;
d) the use, and control of suitable infrastructure and process environment;
e) the availability and use of suitable monitoring and measuring resources;
f) the competence and, where applicable, required qualification of persons;
g) the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and services provision where the resulting output cannot be verified by subsequent monitoring or measurement;
h) the implementation of products and services release, delivery and post-delivery activities.
8.5.2 Identification and traceability
Where necessary to ensure conformity of products and services, the organization shall use suitable means to identify process results.
The organization shall identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision.
Where traceability is a requirement, the organization shall control the unique identification of process outputs, and retain any documented information necessary to maintain traceability.
NOTE. Process outputs are the results of any activities which are ready for delivery to organization’s customer or to an internal customer (e.g., receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.
8.5.3 Property belonging to customers or external providers
The organization shall exercise care with property belonging to the customer or external providers while it is under the organization’s control or being used by the organization. The organization shall identify, verify, protect and safeguard and customer’s or external provider’s property provided for use or incorporation into the products and services.
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider.
NOTE. Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data.
8.5.4 Preservation
The organization shall ensure preservation of process outputs during production and service provisons, to the extent necessary to maintain conformity to requirements.
NOTE. Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
8.5.5 Post-delivery activities
As applicable, the organization shall meet requirements for post-delivery activities associated with the products and services.
In determining the extent of post-delivery activities that are required, the organization shall consider:
a) the risks associated with the products and services;
b) the nature, use and intened lifetime of the products and services;
c) customer feedback;
d) statutory and regulatory requirements.
NOTE. Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
8.5.6 Control of changes
The organization shall review and control unplanned changes essential for production or service provision to the extent necessary to ensure continuing conformity with specified requirements.
The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.
8.6 Release of products and services
The organization shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met. Evidence of conformity with the acceptance criteria shall be retained.
The release of products and services to the customer shall not proceed until the planned arragements for verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. Documented information shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.
8.7 Control of nonconforming process outputs, products and services
The organization shall ensure process outputs, products and services that do not conform to requirements are identified and controlled to prevent their unintended use or delivery.
The organization shall take appropriate corrective action based on the nature of the nonconformity and its impact on the conformity of products and services. This applies also to nonconforming products and services detected after delivery of the products or during the provision of the service.
As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for:
- use “as is” ;
- release, continuation or re-provision of the products and services;
- acceptance udner concession.
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.
The organization shall retain documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with nonconformity.
|
|