Clause 8.3 Design and Development is regularly misunderstood—not just by Quality Managers but by Auditors as well. It is one of the toughest and most confusing clauses and we find a lot of questions regarding clause 8.3. The fact that you need some form of processes for such a creative process can make it very hard. Due to this difficulty, it is probably the most excluded clause. We have even seen companies leaving these activities out of scope to solve this.
The input requirements by ISO9001 for the Design and Development Process are:
- Functional and performance requirements.
- Previous design and development activities that are similar.
- Statutory / regulatory requirements.
- Applicable standards or codes of practice.
- Consequences of failure (risk) associated with the potential of failure due to the nature of the products and services
1. Functional and Performance Requirements
Number one should be pretty clear before the company even starts to do anything. There can be formal requirements from the customer like in a “request for proposal” or they can be known implicitly by talking to a group of potential customers or via desk research. Regardless of how the company gathers the information, it should be clear what the customer expects.
2. Previous Design and Development Activities That Are Similar
When there is a history record of all the things the company has done, it should be fairly easy to get at least a starting point of the activities done in the past. Part of the requirements could be mapped to the new projects. Looking for best practices among the past projects should make it easier to come up with a concise way of working.
3. Statutory / Regulatory Requirements
Rules and regulations should be a top priority when you design and develop products and services, regardless of your industry. Having the right knowledge for all the applicable rules and regulations can be pretty tough due to complexity. Investing in this exercise is money and time well spent because the fines can be quite high when it turns out that the company didn’t operate within the law.
4. Applicable Standards or Codes of Practice
This point is in line with the rules and regulations. A lot of (inter)national standards help companies to uniformly operate. Some great standards are FDA, API, and CE. They serve as a guide for companies when they want to operate in certain markets. Most of the time, customers demand compliance to certain standards as a mandatory requirement in order to do business with them.
5. Consequences of Failure (Risks) Associated with the Potential of Failure Due to the Nature of the Products and Services
A properly performed risk analysis will help the company to tackle this last point. The company should be aware of all the consequences the products or services can have—not only on the company itself but any other stakeholder. Take time to think thoroughly about these risks. This will help the company to plan out the best mitigation plan possible.
These are the basic inputs required for a functioning Design and Development Process. Next post will dive deeper into the output of the process. Don’t forget to subscribe to stay up-to-date!