Conformance1

Tools for conforming to standards, goals and processes

Controlled Conditions

  • How are controlled conditions defined by ISO 9001:2015?
  • How do organizations identify controlled conditions in their business processes?
  • What are some common auditing questions about the expectations of controlled conditions?

What Are Controlled Conditions?

Section 8.5.1 of the latest 9001 standard requires the control of production and service provision. According to this section, each organization must carry out their activities to provide their products and services under controlled conditions. This may include actions to prevent human error. The intent of this clause is to determine the need for changes to the organization’s quality management system. This will help organizations adapt to changes in their environment in a controlled manner, ensuring oversight for proposed changes during the planning, introduction, and implementation phases. Adequate planning for QMS changes can help prevent negative outcomes, such as product recalls or postponements or cancellations of services. On the other hand, controlled planning can also create positive outcomes, such as fewer human errors and nonconforming outputs.

What are the anticipated benefits of proper execution of the controlled conditions requirement?

When clause 8.5.1 is implemented properly, organizations can reap several benefits, including:

  • Consistency and efficiency for all operations. Each new job or project will have the information, resources, and staff necessary to operate efficiently. 
  • Clarify for responsible personnel regarding their specific role, specific product/service requirements, and how to ensure quality in their daily operations. 
  • Reduction of nonconformities as a result of human error. 

How Do I Identify Controlled Conditions? 

Controlled conditions must be implemented for all products and services. This includes both delivery and post-delivery activities. Some examples of conditions that should be controlled include the availability of documented information, monitoring and measurement activities, validation, and implementation of products and services. Image source: https://advisera.com/9001academy/blog/2014/10/07/understanding-product-service-provision-iso-9001/

Some organizations equate procedures with controls. For example, if there is no procedure, then there is no control. But this isn’t necessarily true. Simply because an organization has a procedure in place, this does not necessarily equate to management control over that process. 

Organizations can have procedures that are not executed in the reality of day-to-day operations. Establishing a procedure is definitely an important step in process control, but it doesn’t mean there is control of that process.

It is essential that suitable tools and equipment for process operations are clearly identified in the procedure, but an even greater emphasis should be placed on the people in charge of those processes. The organization must ensure (and outline in the procedures) that competent persons with adequate qualifications are designated to every process or activity, especially the validation and verification activities. The standard offers some guidance for organizations beginning this process with a list of common controlled conditions for documented information, monitoring and measuring resources, infrastructure and environment, competent personnel, validation of the ability to achieve results, preventative actions, and all activities governing product release, delivery, and post-delivery of products and services. See the list below for additional guidance.

Controlled conditions include, (if applicable to your organization):

  • Documented information that defines activities your organization performs and the expected results of each (It must also connect every process to the respective documented information used in the production flow and the control activities.);
  • The availability and use of resources for monitoring and measuring the results of your processes;
  • The implementation of monitoring and measurement activities;
  • The care of property belonging to customers or external providers;
  • The use of adequate infrastructure and environment for all process operations;
  • The hiring of competent personnel (minimum qualification requirements); 
  • The validation and continual assessment of whether or not your organization is achieving expected results of the processes for product and service provision;
  • The implementation of plans to prevent human error in product and service provision; 
  • The implementation of product release, delivery and post-delivery activities.

How to define and prepare for human error

As mentioned in the list above, control of processes to prevent human error is a requirement of ISO 9001:2015. This requirement acknowledges that human factors can be critical to executing a process; therefore, they should be carefully considered when identifying the environment for process operations. Human error occurs when a person makes a mistake. Some examples of what human error might look like in organizations are listed below.

Some examples of human error organizations need prevention planning for include:

  • Failing to perform a task
  • Omitting a task
  • Incorrectly performing a task
  • Adding extra work for another employee 
  • Performing expected tasks in the wrong order or with the wrong priority
  • Spending time on an unnecessary task
  • Failing to perform a task in a designated time period
  • Inadequately responding to contingency plans 

Some reasons for human error may be:

  • Memory limits
  • Attention limits
  • Fatigue
  • Poor training
  • Miscommunication
  • Lack of written instructions or follow-up
  • Distractions in the environment
  • Overconfidence or unwillingness to learn or improve

ISO/TS 9002:2016 offers some guidance to prevent human error, including:

  • Limiting long working hours
  • Establishing a suitable work environment
  • Providing adequate training, instructions, and follow-up for employees
  • Automating processes where possible
  • Safeguarding sensitive information
  • Establishing policies to limit distractions, such as use of cell phones or social media
  • Rotating positions or job responsibilities

Common Auditing Questions About Controlled Conditions 

Auditors will seek to verify adequate controls are in place within the organization and that it is able to report and address any deficiencies. Below are some common auditing questions about controlled conditions expectations within the ISO 9001 standard.

What controls need to be in place regarding changes to provisions?

Section 8.5.6 discusses control of changes. All changes to provisions must be managed in such a way to maintain the conformity of the product or service requirements. If changes must occur, they must be planned and documented to illustrate the change was administered properly. Section 8.2.4 outlines the requirements for changing products and services, but change management refers to the processes organizations have in place to offer their products and services.

How do I create a controlled process for documented information?

Clause 7.5 requires documents be controlled within the quality management system. Organizations are required to create a documented procedure to:

  • Approve documents 
  • Review and update documents
  • Identify changes and revision status of documents
  • Make available relevant documents 
  • Ensure documents are legible and identifiable
  • Control the distribution of external documents
  • Prevent obsolete documents from being used unintentionally
  • Control records as aligning to conformity requirements and proof of adherence to an effective quality management system
  • Identify obsolete documents if they are returned to circulation