ISO 9001 Clause 8.3.4 focuses on Design and Development Controls, ensuring that processes are in place to guarantee the quality and conformity of products and services.

ISO 9001 Clause 8.3.4 Design and Development Controls

This ISO clause defines the design and development controls put in place by a company to ensure they are delivering what was promised. They consist of design review, conducting various tests, and building various prototypes (as needed) to prove the design is ready for production.

Example design and development control activities include:

• Defined Results: The organization must clearly define the results expected from the design and development process. This sets the criteria for evaluating the subsequent stages.

• Design and Development Reviews: Regular reviews must be conducted to assess if the results of the design and development process align with the specified requirements. This ensures ongoing alignment with the project goals.

• Verification Activities: Activities must be in place to verify that the design and development outputs meet the input requirements. This involves testing or checking that what was planned has been correctly implemented and maintaining the documented information as evidence of conformance.

• Validation Activities: The organization needs to conduct validation activities to ensure that the resulting products and services meet the specified application or intended use. This involves confirming that the end product functions as intended through field testing or customer acceptance testing and maintaining the documented information as evidence of conformance.

• Problem Resolution: If any issues are identified during reviews, verification, or validation, necessary actions must be taken to address and resolve these problems.

• Documented Information: The organization must retain documented information regarding all of these activities. This documentation provides evidence that the necessary controls were applied throughout the design and development process.

Note on Reviews, Verification, and Validation: These activities serve distinct purposes and can be conducted separately or in various combinations based on the organization's needs.

Example of a Software Development Company Implementing Clause 8.3.4

• Defined Results: The software company defines the expected results of its design and development process, such as creating a new software application that meets specific user requirements, has minimal bugs, and is scalable for future updates.

• Design and Development Reviews: Regular design and development reviews are conducted, where teams assess the progress, ensuring that the software design aligns with the initial specifications. For instance, a midway review might identify that a certain feature needs adjustment to meet user expectations.

• Verification Activities: Verification activities involve testing individual components of the software to confirm they meet the intended requirements. This includes code reviews, unit testing, and integration testing to ensure that each part functions correctly and as intended.

• Validation Activities: Validation activities are conducted to ensure the entire software system meets the broader requirements and functions effectively in the intended environment. This might involve beta testing or user acceptance testing (UAT) where the software is tested in a simulated live environment.

• Problem Resolution: During a design review, a team identifies a potential security vulnerability in the software. The organization takes immediate action to fix the issue, ensuring the final product is secure and meets all specifications.

• Documented Information: All reviews, verification and validation activities, and any actions taken are documented. This documentation includes records of reviews, test results, and any changes made during the design and development process. This paperwork provides evidence of adherence to the established controls and forms the basis of the learning loop for future projects.

This example illustrates how an organization in the software development sector might implement and demonstrate compliance with ISO 9001 Clause 8.3.4.

ISO 9001:2015 Clause 8.3.4 Design and Development Controls

In summary, Clause 8.3.4 emphasizes the importance of systematic controls and documentation throughout the design and development process to ensure the quality and conformity of the final products and services.