Draft ISO 9001:2009 Clause 4 Changes

In my last newsletter, I gave you the link to access a copy of the draft ISO 9001:2009 standard. Many of the suggested changes are just word changes for improved clarity of the requirements.

For example, under 4.1 General Requirements, sub-clause (a), the word “Identify” has been replaced with “Determine”:

4.1 General Requirements

a) Identify Determine the processes needed for the quality management system and their application throughout the organization (see 1.2),

Although similar, the words “Identify” and “Determine” have slightly different meanings. To identify is to recognize or establish something as being a particular thing. To determine is to apply reason and reach a conclusive decision. Therefore, to determine the processes implies more analysis and judgment than merely identifying them.

Later in clause 4.1 regarding outsourcing, the word “identified” has been replaced with “defined”.

The controls to be applied to these Control of such outsourced processes shall be identified definedwithin the quality management system. 

Defined controls means clearly specified controls. And, the additional text indicates the defined controls are to be applied, not just identified.

Finally, a new Note under clause 4.1 states,

NOTE 2: The requirements of Clause 7.4 of this international standard may also apply to outsourced processes.

Outsourcing a process to another organization typically involves the purchase of those services. As a result, the requirements of clause 7.4, including the controls mentioned in 7.4.1, apply to the supplier selected to perform the outsourced process.

4.2 Documentation Requirements
4.2.1 General

The requirement changes in 4.2.1 are basically just a restructuring of the sub-clauses c), d), and e).

c) documented procedures and records required by this International Standard, and
d) documents, including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes, and
e) records required by this International Standard (see 4.2.4).

You can see that adding “records” to sub-clause c) allowed sub-clause e) to be dropped. Sub-clause d) has been expanded to include the necessary records.

The first Note for clause 4.2.1 has added two more sentences:

A single document may include the requirements for one or more procedures.
A requirement for a documented procedure may be covered by more than one document.

An example for the first sentence would be satisfying the requirements for documented procedures in 8.5.2, Corrective Action, and 8.5.3, Preventive Action, by one combined Corrective and Preventive Action procedure. An example for the second sentence would be splitting the required procedure for the Control of Documents into two separate documented procedures.

4.2.2 Quality Manual
The draft ISO 9001:2009 standard kept the quality manual requirements the same.

4.2.3 Control of Documents
The first sentence of the draft standard still states that documents required by the quality management system are to be controlled. The only suggested change to clause 4.2.3 is shown below:

f) to ensure that documents of external origin necessary for the planning and operation of the quality management system are identified and their distribution controlled, and

The change in sub-clause (f) clarifies that not all external documents have to be identified and controlled; only those necessary for the planning and operation of the quality management system.

4.2.4 Control of Records
The opening sentence for clause 4.2.4 has expanded from records being “maintained” to having them “controlled”. Maintaining the records would be to simply keep them in good condition. Controlling the records means to regulate their use.

Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.

Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.

The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records.

Records shall remain legible, readily identifiable, and retrievable.

The requirement for a documented Record Control procedure was rewritten as shown above, but the content is basically the same. And, you can see that records must still remain legible, readily identifiable, and retrievable. This text was just moved to the end of clause 4.2.4.

So, the changes to clause 4 in the draft ISO 9001 are primarily clarifications for improved understanding of the existing requirements. No reason for alarm.