In misc.industry.quality Scott P. Duncan wrote:
As promised, here are my observations on the major changes made in going from the CD2 version of ISO 9001 (2000) to the DIS version.
In general, I'd say there is enough difference that, if specific wording is a concern at this time, you may want to get a copy. If nuances that would be of concern in an actual conformance audit situation are not that important right now ( i.e., you can wait for the FDIS text, at least), then you can probably avoid buying the DIS version. I have not tried to cover, word-by-word, everything that is different as what follows is long enough and, I think, gets across the major ideas.
The DIS version uses less verbose wording and uses an outline (main statement with a), b), etc. bullets) rather than a paragraph structure with sentences in many cases. It strengthens some words, e.g., saying define and identify rather than just determine.
It also removes system level when discussing procedures and replaces General Requirements with Planning as the name of various subsections. Overall, intent seems clearer, redundancy is eliminated, and a greater emphasis is placed on implementation of effective process as opposed to just establishment and definition.
I'll try to take a section-by-section approach to the comparison.
Under Terms and Definitions it now states what a product is (adapted from the vocabulary in ISO 9000 (2000) document). This leads to eliminating use of product and/or service in favor of just product throughout the document.
Quality Management System
The General Requirements section requires an organization to ensure the availability of information necessary to support the operation and monitoring of the processes defined by the quality system.
A note has been added that [w]here the term Œdocumented procedure‚ appears ... [this] requires the procedure to be established, documented, implemented, and maintained.
Management Responsibility
Various sections now emphasize that top management shall ensure that requirements for each section are achieved.
The Management Commitment section adds the need to be sure the organization understands legal and regulatory expectations as well as customer requirements. (The Legal Requirements section is deleted though it was about making sure that the organization has access to such requirements rather than management making sure it communicates the importance of them to the organization. But the same effect is achieved since being able to communicate them would imply having access to them to do so.)
The Customer Requirements section is renamed Customer Focus and it no longer says management must ensure requirements are fully understood and met but does say the requirements must be fulfilled.
The Quality Policy section says it should be appropriate for the needs of the customer as well as the organization. It also says the policy shall be controlled according to section 5.5.6, Control of Documents.
The Planning section‚s Quality Objectives requirement says that objectives shall be measurable. It‚s Quality Planning requirements no longer mention identifying quality characteristics at different stages to achieve the desired results nor does it mention verification activities or criteria at all. Instead it says planning shall include continual improvement of the quality system.
What was the Quality Management System section under Management Responsibility is now called Administration and the General Requirements paragraph is gone, being redundant (in my opinion) with much of what is stated elsewhere up to this point. The Responsibility and Authority paragraph no longer mentions defining organizational freedom regarding tasks that affect quality.
The Management Representative requirements now say promoting awareness of the quality system within the organization rather than ensuring it. However, the Internal Communication requirement now says the organization shall ensure communication between its various levels and functions rather than just establish and maintain procedures for such communication.
The Quality Manual requirements now mention that it include the scope (and justification for any exclusions which is the new term for any reductions in scope), documented procedures or reference to them, and the sequence and interaction of the processes in the system. The phrase description of the elements of the quality management system does not appear. As with the policy, the manual must be controlled according to 5.5.6, Control of Documents. A note indicates the quality manual may be part of the overall documentation of the organization of saying it need not be a stand-alone document.
The Control of Documents requirements no longer mention a master list, just saying instead that revision status must be identified. Neither do they specifically discuss removal of obsolete documents to prevent unintended use. They just say some procedure must exist to see to it that such use does not occur. Also, the note regarding documents being in any form or any type of media is gone, perhaps because it is considered too obvious to state by now.
The Management Review section no longer discusses establishing a procedure for management review, just that top management will periodically review the quality system. It does say that one of the outputs, instead of actions related to process, product and/or service audits will be actions related to improvement of product related to customer requirements.
Resource Management
The General Requirements section is now called Provision of resources and specifies resources needed to improve quality system processes, not just establish and maintain them. They also include resources to address customer satisfaction.
The Human Resources section in its requirements on competency, training, and awareness (qualification having been dropped from the title) states that employees must be aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives. This, presumably, is intended to replace the e)-i) statements in the CD2 version which are gone.
The Information section is gone.
The Infrastructure section is now called Facilities and suitable maintenance has been removed as a requirement, presumably because and maintain the facilities is in the requirement already.
The Work Environment section no longer specifies points a)-d) as details backing up the more general statement preceding them.
Product Realization (since product includes services, this word is not in the title any longer).
The Planning of realization processes section does not specifically reference the Quality Planning requirements though it speaks of planning the processes for realization of product. The a)-f) statements are replaced by four which reference quality, processes and documentation specific to the product, v&v activities and acceptance criteria, and records necessary to provide confidence of [product and process] conformity.
The Review of Product Requirements section (which had used the word customer, not product in the title) now refers to documented requirements rather than using the word written. It also states that relevant documentation is amended if requirements are changed and that relevant personnel are made aware of the changed requirements.
The Customer Communication requirements combine c) and d) into customer feedback, including customer complaints.
Design and Development
The Design and/or development planning section states that [p]lanning output shall be updated, as appropriate, as the design and/or development progresses. The Input requirements now include functional as well as performance requirements, but do not mention environmental ones.
The Output requirements include the need to provide appropriate information for production and service operations and refer to section 7.5, Production and Service Operations. The Verification and Validations requirements no longer mention planning, emphasizing performance of the activities instead.
The Control of Change requirements are renamed to make it clear these items are speaking about change to design and/or development. The detail in a)-d) is missing and replaced by a more generic statement regarding evaluation of the effect of changes on constituent parts and delivered products. It also specifies that, besides approval of changes, that they be verified and validated, as appropriate. A note is added toee ISO 10007 for guidance.
Purchasing‚s General Requirements section is now called purchasing control but reads about the same. Under Purchasing Information it is now clear that quality system management requirements are the ones of concern rather than any management system requirements as previously stated.
The Production and Service Operations section‚s General Requirements are now called Operations Control and no longer addresses the provision of suitable working environments. Reference to parts or components of a product or elements of a service have been removed and, in some cases, constituent parts of a product is the phrase used instead.
In the Validation of Processes requirements, the phrase readily or economically has been removed. The phrase monitoring, inspection and/or testing is replaced with measurement or monitoring. The phrase effectiveness and acceptability has been changed to ability...to achieve planned results. The whole sentence starting Evidence of validated processes has been removed. And finally, c) use of specific procedures and/or records has been split into two items mentioning defined methodologies and procedures and requirements for records.
Under Control of Measuring and Monitoring Devices, a lot of wording has been changed, mostly to be less verbose, but some which removes requirements. One particular removal has been the statement that special purpose software developed specifically to test a product has to meet the Design and Development section requirements. Another thing removed has to do with the specific requirement on suitability of environmental conditions.
Measurement, Analysis and Improvement
The Planning section does not mention analysis but does address determining the need for, and use of, applicable methodologies including statistical techniques. Issues of type, location, and frequency, periodic evaluation of effectiveness, appropriate statistical tools, and the use of analysis as an input to the management review process are no longer mentioned. The Measurement and Monitoring section no longer has the system performance requirements paragraph.
Its Internal Audit requirements say periodic, not objective, audits and eliminates the statement that an organization may out improvement audits. Obviously an organization may do many things besides what the standard says they shall or must. But added requirements include the need to document responsibilities and requirements for conducting audits, independence, and the recording of results to report to management. In addition [m]anagement shall take timely corrective action on deficiencies found during the audit and make sure verification of the implementation of such actions occurs.
Under Product measurement it states they should occur at appropriate stages during realization of the product and that release of the product shall not proceed until all specified activities have been satisfactorily completed, unless otherwise approved by the customer.
The Control of Non-Conformity section is no longer split into general requirements and those regarding review and disposition, removing redundancy between the subsections. The major content removed is the list of dispositions, i.e., the DIS no longer says what dispositions shall be carried out.
The Analysis of Data for Improvement section is now just called Analysis of Data. The five point list on what information the analysis should provide no longer mentions suitability, effectiveness, and adequacy of the quality management system as this is addressed earlier in the section. It also replaces process operation trends with suppliers.
The Improvement section, as others, renames General Requirements to Planning (in this case, for continual improvement). Interestingly, it removes the word internal from audit results, implying that external audit results should not be ignored as input to improvement activity. The Corrective Action requirements no longer says to establish a process to reduce or eliminate causes of nonconformity but say that corrective action shall be taken to eliminate such causes, emphasizing the doing of the process of addressing nonconformity, not just its definition. The same is true for the Preventive Action requirements.
Scott P. Duncan
As promised, here are my observations on the major changes made in going from the CD2 version of ISO 9001 (2000) to the DIS version.
In general, I'd say there is enough difference that, if specific wording is a concern at this time, you may want to get a copy. If nuances that would be of concern in an actual conformance audit situation are not that important right now ( i.e., you can wait for the FDIS text, at least), then you can probably avoid buying the DIS version. I have not tried to cover, word-by-word, everything that is different as what follows is long enough and, I think, gets across the major ideas.
The DIS version uses less verbose wording and uses an outline (main statement with a), b), etc. bullets) rather than a paragraph structure with sentences in many cases. It strengthens some words, e.g., saying define and identify rather than just determine.
It also removes system level when discussing procedures and replaces General Requirements with Planning as the name of various subsections. Overall, intent seems clearer, redundancy is eliminated, and a greater emphasis is placed on implementation of effective process as opposed to just establishment and definition.
I'll try to take a section-by-section approach to the comparison.
Under Terms and Definitions it now states what a product is (adapted from the vocabulary in ISO 9000 (2000) document). This leads to eliminating use of product and/or service in favor of just product throughout the document.
Quality Management System
The General Requirements section requires an organization to ensure the availability of information necessary to support the operation and monitoring of the processes defined by the quality system.
A note has been added that [w]here the term Œdocumented procedure‚ appears ... [this] requires the procedure to be established, documented, implemented, and maintained.
Management Responsibility
Various sections now emphasize that top management shall ensure that requirements for each section are achieved.
The Management Commitment section adds the need to be sure the organization understands legal and regulatory expectations as well as customer requirements. (The Legal Requirements section is deleted though it was about making sure that the organization has access to such requirements rather than management making sure it communicates the importance of them to the organization. But the same effect is achieved since being able to communicate them would imply having access to them to do so.)
The Customer Requirements section is renamed Customer Focus and it no longer says management must ensure requirements are fully understood and met but does say the requirements must be fulfilled.
The Quality Policy section says it should be appropriate for the needs of the customer as well as the organization. It also says the policy shall be controlled according to section 5.5.6, Control of Documents.
The Planning section‚s Quality Objectives requirement says that objectives shall be measurable. It‚s Quality Planning requirements no longer mention identifying quality characteristics at different stages to achieve the desired results nor does it mention verification activities or criteria at all. Instead it says planning shall include continual improvement of the quality system.
What was the Quality Management System section under Management Responsibility is now called Administration and the General Requirements paragraph is gone, being redundant (in my opinion) with much of what is stated elsewhere up to this point. The Responsibility and Authority paragraph no longer mentions defining organizational freedom regarding tasks that affect quality.
The Management Representative requirements now say promoting awareness of the quality system within the organization rather than ensuring it. However, the Internal Communication requirement now says the organization shall ensure communication between its various levels and functions rather than just establish and maintain procedures for such communication.
The Quality Manual requirements now mention that it include the scope (and justification for any exclusions which is the new term for any reductions in scope), documented procedures or reference to them, and the sequence and interaction of the processes in the system. The phrase description of the elements of the quality management system does not appear. As with the policy, the manual must be controlled according to 5.5.6, Control of Documents. A note indicates the quality manual may be part of the overall documentation of the organization of saying it need not be a stand-alone document.
The Control of Documents requirements no longer mention a master list, just saying instead that revision status must be identified. Neither do they specifically discuss removal of obsolete documents to prevent unintended use. They just say some procedure must exist to see to it that such use does not occur. Also, the note regarding documents being in any form or any type of media is gone, perhaps because it is considered too obvious to state by now.
The Management Review section no longer discusses establishing a procedure for management review, just that top management will periodically review the quality system. It does say that one of the outputs, instead of actions related to process, product and/or service audits will be actions related to improvement of product related to customer requirements.
Resource Management
The General Requirements section is now called Provision of resources and specifies resources needed to improve quality system processes, not just establish and maintain them. They also include resources to address customer satisfaction.
The Human Resources section in its requirements on competency, training, and awareness (qualification having been dropped from the title) states that employees must be aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives. This, presumably, is intended to replace the e)-i) statements in the CD2 version which are gone.
The Information section is gone.
The Infrastructure section is now called Facilities and suitable maintenance has been removed as a requirement, presumably because and maintain the facilities is in the requirement already.
The Work Environment section no longer specifies points a)-d) as details backing up the more general statement preceding them.
Product Realization (since product includes services, this word is not in the title any longer).
The Planning of realization processes section does not specifically reference the Quality Planning requirements though it speaks of planning the processes for realization of product. The a)-f) statements are replaced by four which reference quality, processes and documentation specific to the product, v&v activities and acceptance criteria, and records necessary to provide confidence of [product and process] conformity.
The Review of Product Requirements section (which had used the word customer, not product in the title) now refers to documented requirements rather than using the word written. It also states that relevant documentation is amended if requirements are changed and that relevant personnel are made aware of the changed requirements.
The Customer Communication requirements combine c) and d) into customer feedback, including customer complaints.
Design and Development
The Design and/or development planning section states that [p]lanning output shall be updated, as appropriate, as the design and/or development progresses. The Input requirements now include functional as well as performance requirements, but do not mention environmental ones.
The Output requirements include the need to provide appropriate information for production and service operations and refer to section 7.5, Production and Service Operations. The Verification and Validations requirements no longer mention planning, emphasizing performance of the activities instead.
The Control of Change requirements are renamed to make it clear these items are speaking about change to design and/or development. The detail in a)-d) is missing and replaced by a more generic statement regarding evaluation of the effect of changes on constituent parts and delivered products. It also specifies that, besides approval of changes, that they be verified and validated, as appropriate. A note is added to
Purchasing‚s General Requirements section is now called purchasing control but reads about the same. Under Purchasing Information it is now clear that quality system management requirements are the ones of concern rather than any management system requirements as previously stated.
The Production and Service Operations section‚s General Requirements are now called Operations Control and no longer addresses the provision of suitable working environments. Reference to parts or components of a product or elements of a service have been removed and, in some cases, constituent parts of a product is the phrase used instead.
In the Validation of Processes requirements, the phrase readily or economically has been removed. The phrase monitoring, inspection and/or testing is replaced with measurement or monitoring. The phrase effectiveness and acceptability has been changed to ability...to achieve planned results. The whole sentence starting Evidence of validated processes has been removed. And finally, c) use of specific procedures and/or records has been split into two items mentioning defined methodologies and procedures and requirements for records.
Under Control of Measuring and Monitoring Devices, a lot of wording has been changed, mostly to be less verbose, but some which removes requirements. One particular removal has been the statement that special purpose software developed specifically to test a product has to meet the Design and Development section requirements. Another thing removed has to do with the specific requirement on suitability of environmental conditions.
Measurement, Analysis and Improvement
The Planning section does not mention analysis but does address determining the need for, and use of, applicable methodologies including statistical techniques. Issues of type, location, and frequency, periodic evaluation of effectiveness, appropriate statistical tools, and the use of analysis as an input to the management review process are no longer mentioned. The Measurement and Monitoring section no longer has the system performance requirements paragraph.
Its Internal Audit requirements say periodic, not objective, audits and eliminates the statement that an organization may out improvement audits. Obviously an organization may do many things besides what the standard says they shall or must. But added requirements include the need to document responsibilities and requirements for conducting audits, independence, and the recording of results to report to management. In addition [m]anagement shall take timely corrective action on deficiencies found during the audit and make sure verification of the implementation of such actions occurs.
Under Product measurement it states they should occur at appropriate stages during realization of the product and that release of the product shall not proceed until all specified activities have been satisfactorily completed, unless otherwise approved by the customer.
The Control of Non-Conformity section is no longer split into general requirements and those regarding review and disposition, removing redundancy between the subsections. The major content removed is the list of dispositions, i.e., the DIS no longer says what dispositions shall be carried out.
The Analysis of Data for Improvement section is now just called Analysis of Data. The five point list on what information the analysis should provide no longer mentions suitability, effectiveness, and adequacy of the quality management system as this is addressed earlier in the section. It also replaces process operation trends with suppliers.
The Improvement section, as others, renames General Requirements to Planning (in this case, for continual improvement). Interestingly, it removes the word internal from audit results, implying that external audit results should not be ignored as input to improvement activity. The Corrective Action requirements no longer says to establish a process to reduce or eliminate causes of nonconformity but say that corrective action shall be taken to eliminate such causes, emphasizing the doing of the process of addressing nonconformity, not just its definition. The same is true for the Preventive Action requirements.
Scott P. Duncan