Design and Development Process

• What are the design and development process standards within ISO 9001:2015?
• How do companies implement design and development processes within their organizations?
• What are some special considerations for design and development process audits?
• What are some common design and development process questions and concerns and how should companies address them?

The design and development process is a collection of procedures that transform product and service requirements into final design specifications. The most common sources for these requirements are customer needs, laws and regulations, the organization’s own standards, and the intended purpose of the product or service.  

Organizations that want their products and services to be successful need to plan their design and development processes by establishing procedures for standardizing, controlling, monitoring, and reviewing design and development activities to ensure quality, consistency, and customer satisfaction.

Design and Development in the ISO 9001 Standard

Clause 8.3: Design and Development of Products and Services

ISO 9001:2015 clause 8.3 replaces 2008’s clause 7.3. Though mostly unchanged, the 2015 update includes an important shift in wording that exempts some organizations from design and development requirements that are not applicable to their operations.

8.3.2: Planning

Organizations build the basic frameworks for all of the subsequent stages of their design and development processes during the planning stage. When planning your design and development process, consider the basic properties of your product or service, determine what sort of verification and validation activities it requires, and identify parties with responsibility for and authority over the process. In addition, you need to define the controls over the relationships among everyone involved in the process as well as how customers and users of the product will be involved in the process. Finally, document all evidence that you are meeting all of your design and development requirements.

8.3.3 and 8.3.5: Inputs and Outputs

As with any process compliant with ISO 9001’s process approach, the design and development process uses its inputs as the “raw material” to build its outputs. In this case, customer needs and legal requirements of products or services are the process inputs, and detailed descriptions and specifications are its outputs. More precisely, the outputs are all of the documentation that incorporates the input requirements into product and service design as “features” such as diagrams, product specifications, and manufacturing procedures. Product and service provisions for identification and preservation are also design and development process outputs.

Consider a company that produces commercial drones. Current FAA regulations set the maximum legal altitude for drone flight at 400 meters. To avoid liability for misuse of its drones, the company considers this limit an input requirement of its design and development process and produces product descriptions, design drawings, and parts lists that incorporate altimeters designed to automatically prevent the drones from flying above 400 meters. In doing so, the company transformed a requirement (a legal regulation) into an output by incorporating it into the product’s design.

8.3.4: Controls

Organizations must apply controls to their design and development processes. The controls need to specify the intended results of the organization’s design and development process, enforce design and development review plans, and implement verification and validation procedures to ensure that final product or service designs and prototypes meet the input requirements.

8.3.6: Changes

An organization’s design and development process is not set in stone. It will evolve over time in response to the discovery of improvement opportunities and evolving requirements. ISO 9001 requires organizations to keep track of, review, and control these changes to make sure they do not lead to quality-reducing nonconformities in the final products or services after they are delivered to customers.

How Do I Implement Design and Development Processes Within My Organization?

Design and development is a broad and complex topic. A complete and comprehensive guide to design and development process planning and management is beyond the scope of this article, so you will need to research the topic in-depth and invest adequate time and resources into planning and understanding your design and development process.

However, you can strengthen your design and development process by relying heavily on risk-based thinking principles during the planning phase. Proactively addressing risks will help your organization prevent unforeseen failures of the product or service and your design and development process as a whole. If you can identify something that could go wrong with the process ahead of time, you can modify your design and development process and potentially prevent a product or service failure.

One particularly effective way to manage risk is to conduct a Failure Mode and Effects Analysis (FMEA). The analysis can be summarized as follows:

1. List all potential sources of product or service failure in your product design phase.
2. Rate the potential severity of each risk and order the list from most to least “urgent”.
3. Create plans to address each individual risk.

Another way to prevent problems before they become product failures is to apply clause 8.5.1.g: Human Error Prevention to your design and development process. Use common sense strategies to eliminate opportunities for human error, such as:

• Simplify; break the production process down into as few elements as possible and automate wherever possible.
• Make sure employees involved in design and development are well-trained and competent.
• Consider potential sources of human error when planning your design and development risk management strategy.

Design and Development Process Audits

Auditors want to see evidence that your design and development process meets the requirements of ISO 9001, your interested parties, and your organization itself. Therefore, you need to thoroughly document all the information generated in each stage of the design and development process with particular emphasis on the results of process monitoring, reviews, and verification and validation activities. Review and understand this documentation to make sure you can explain clearly and completely how each design and development activity meets these requirements.

Product and service requirements are of special concern in regards to clause 8.3, as they are the process’ inputs. The ability of your design and development process to deliver products and services that meet these requirements impacts customer satisfaction and product and service quality more than any other single factor.

Auditors will look for evidence that you considered a number of factors while identifying your design and development inputs:

• the nature of your products, services, and processes
• relevant external issues
• your organization’s risks and its impact on interested parties
• customer and end-user needs
• legal and regulatory guidelines

Finally, exercise caution when determining whether your organization is exempt from any of the requirements of clause 8.3. The standard does allow some exemptions, but justifying circumstances are tricky to identify, and omitting a part of the process that your organization is actually required to implement seriously jeopardizes the quality of your products and services, and auditors will likely consider such an omission to be a major nonconformity.

Common Design and Development Questions and Concerns

How can I determine which stages of the design and development process my organization is exempt from, if any?

The only circumstance that exempts an organization from implementing some or all stages of the design and development process is if those stages are impossible to apply due to that organization’s context or business model. In short, if it is in any way possible for your organization to implement a given design and development process requirement, then it is mandatory to do so.

Be cautious when deciding whether you are exempt from any design and development process requirements. Organizations often mistakenly believe, for example, that outsourcing the design and development process exempts them from the requirements – after all, these organizations do not orchestrate the design and development of their products or services. Unfortunately, these organizations fail to consider the fact that they maintain significant influence over and responsibility for their outsourced processes due to their involvement in contract negotiations and their ability to choose which organizations to outsource the processes to.

More importantly, ISO 9001 clause 8.4: Control of externally provided processes, products, and services mandates that your organization establish controls over processes handled by external providers. Any organization that you outsource operations to qualifies as an external provider.

How do you establish controls over an external provider of design and development services?

First, make sure your contract with the provider includes a mutual agreement of how design and development requirements will be fulfilled. Obtain the information about results of the design and development process that your organization requires to fulfill its review, monitoring, and verification and validation obligations by conducting 2nd party audits of the provider.

What circumstances truly exempt an organization from meeting design and development process requirements?

An organization that manufactures products or renders services according to its customers’ exact specifications through automated processes may be exempt from some or all requirements. In other words, if your customers (as opposed to external providers) design and develop your products and services, then your organization likely can not implement a design and development process and could claim a legitimate exemption. For instance, a 3d printing business that prints 3d object files supplied by its customers can not apply any design and development process requirements to its operations, because it has no involvement in the product’s production beyond running and maintaining the 3d printers that produce the products.

What is the difference between verification and validation?

The similarity of the terms “verification” and “validation” in regards to the design and development process need not be a source of confusion. Both are procedures for checking and controlling the results of the design and development process, but each looks at the results of a different stage of the process.

Verification makes sure the design and specifications of the product or service meet the input requirements and enable the product or service to work as intended. Validation, on the other hand, actually tests the product or service itself – either a prototype or a sample of the final release.

In the simplest terms, verification checks to see whether the product or service does everything it is supposed to do in theory, while validation checks that the actual product or service works in practice.

Design and development is a complex topic and the subject of one of ISO 9001’s longest clauses for good reason. Design and development influences product and service quality and customer satisfaction more than any other process. Due to the breadth of the topic, there is no trick or simple strategy for ensuring its success, but as long as you keep in mind the ultimate goal of the design and development process – to ensure your products and services work as intended while meeting all legal and customer requirements – you can better guide the planning of your process down the most productive path possible.