What’s the difference?
Q: Please clarify the difference between design verification, design validation and validation of processes, and provide examples.
A: "Did we build the product right?" The answer to this question is verification. Verification is defined in ISO 9000:2015 as confirmation through the provision of objective evidence that specified requirements have been fulfilled.1 In the context of design, the standard provides further guidance by saying activities performed for verification are sometimes called qualification processes.
Products (and services) are designed based on a set of requirements. Requirements could come from various relevant interested parties. Here is an example: You are designing a new home appliance. Requirements come from customer focus groups, safety regulators, market requirements, comparisons with features of the competition, part suppliers and investors. Some of the requirements are technical and some are administrative in nature. These requirements are designed into the product and service provided by the appliance manufacturer.
How do we verify the design? It can be verified through inspection, reviewing qualification processes for the parts and the overall product, design reviews, failure mode and effects analysis and by reviewing documented information. During the verification, requirements for quality, reliability and performance of the products and services are verified. Organizations develop a verification plan to manage this.
"Did we build the right product?" The answer to this question is validation. Validation is defined in ISO 9000:2015 as confirmation through the provision of objective evidence that the requirements for a specified intended use or an application have been fulfilled. Now that we have built the product or service, its ability to serve its intended use or application must be validated.
There also are requirements for validation. Continuing with the appliance example, validation requirements address use and application of the appliance under a variety of circumstances. Examples include:
- Use in a hot and highly humid environment or corrosive environment.
- Using the equipment in a vehicle that is subjected to high level of vibration.
- Use by children who may drop the appliance frequently, or even deliberately throw the equipment at the wall, resulting in sudden impact.
- When the appliance is rolled and loaded in stacks during transportation.
Under all these circumstances, the appliance should deliver on its intended use. These requirements can be validated by either subjecting the appliance to these conditions, conducting tests or simulating them.
Validation also can involve providing the appliances to a sample of target customers for a period of time and learning from their experience, collecting back the sample validation units from customers, and reevaluating the appliances for degradation in quality, reliability and performance. This is evaluating the product from the user perspective. Organizations develop a validation plan to manage this.
In ISO 9001:2015, section 8.5.1.f, process validation is defined as "the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement."2
In the past, we called these processes a "special process." For a more in-depth explanation of validation of processes with examples, refer to the October 2013 Expert Answers response, "What’s So Special?"3
Senior director, global quality management systems
San Jose, CA
- International Organization for Standardization, ISO 9000—Quality management systems—Fundamentals and vocabulary.
- International Organization for Standardization, ISO 9001—Quality management systems—Requirements, section 8.5.1.f.
- Govind Ramu, "Expert Answers: What’s So Special?" Quality Progress, October 2014, p. 9.
ISO 9001:2015 tools for auditors
Q: In addressing clause 4 of ISO 9001:2015 regarding the organization’s context and interested parties, what type of tool (such as spreadsheet, diagram or flowchart), would you recommend using to simplify the practice and to give a proper understanding for auditors? I understand that risk evaluation should be accomplished not only at a high level in establishing and planning objectives, but also at the process level. If this is correct, are there criteria that organizations can use to select processes to be evaluated?
A: Your selection of tools, such as spreadsheets, diagrams and flowcharts, should be driven by whatever best fits your organization’s context, quality management system (QMS) scope and requirements of interested parties. Before proceeding with tool selection to "simplify" practices, however, it is essential that the changes and new requirements of ISO 9001:2015 are fully understood and communicated throughout the organization.
As you know, transitioning from ISO 9001:2008 to ISO 9001:2015 will require much more than providing understanding to auditors. The transition process should begin with top management and flow down to the process owners and others throughout the organization. If a gap analysis hasn’t already been completed, consider doing so to identify those processes that must be improved to meet ISO 9001:2015 certification requirements.
Risk-based thinking must be a part of every organization’s process approach to ensure risks and opportunities are identified and addressed. Although risk-based thinking is not new, it is a changed approach. ISO 9001:2015 supports the scalability of QMSs, which allows them to be specific to an organization’s processes, products and services. The landscape of today’s QMS has changed. It’s not a one size fits all situation. For this reason, it’s essential for top management, process owners and QMS auditors to develop a thorough understanding of ISO 9001:2015 and its requirements.
Also of equal importance is the familiarization of top management, process owners and auditors with the principles of risk assessment, management and related terminologies (such as in ISO 31000:2009).
The effectiveness of future QMS audits will depend on auditors who can apply their collective knowledge of ISO 9001:2015, risk assessment and management requirements, as well as their in-depth knowledge of the industries, processes, products and systems. Exemplar Global and other accredited ISO 17024 personnel certification bodies have developed online training courses for the purpose of explaining the requirements of ISO 9001:2015. Other information about transitioning to ISO 9001:2015 is available on the International Accreditation Forum’s website, where you can read about the recent publication of ISO 9001:2015.1, 2
To address the second part of your question, it’s important to be aware that risk-based thinking applies to every process that comprises your organization’s QMS. Risk-based thinking should be integrated into your organization’s QMS and product planning processes to ensure risks and opportunities are identified and addressed.
A few key questions to consider include, how will your registrar verify your organization’s conformance with ISO 9001:2015 requirements? What is your registrar’s timeline for transitioning existing clients to ISO 9001:2015 requirements? And what type of support will be provided to assist clients through the transition process?
Aston Technical Consulting Services LLC
Reference and note
- International Accreditation Forum, www.iaf.nu.
- International Accreditation Forum, "Publication of ISO 9001:2015," http://tinyurl.com/accreditationforum.
Switching rules explained
Q: We are planning to implement an ANSI/ASQ Z1.4-2003 (R2013) sampling inspection plan with our finished products, which are all currently inspected by quality control inspectors. I read about the importance of the switching rules on a continuing stream of lots and have these questions:
- Is it acceptable to select a specific plan (tightened, normal or reduced) and use it without the switching rules?
- Are there any exceptions that allow us to use a specific plan without applying the switching rules?
A: To answer your first question, you can use any plan without using the switching rules, but you do run the risk of not meeting the alpha risk in the end. These plans were developed to be used, as documented. A normal plan is generally used and the switching rules come in when the clearance number has been obtained.
Some processes may never switch. If you choose a plan that is tightened or reduced to start with, you potentially will either spend too much on inspection (tightened) or risk having a bad product go to the customer (reduced).
It is a business decision for you to make if your customer is not demanding it. The switching rules are there to protect the producer when the product is running well or it has problems.
To address your second question, if your customer is not requiring a particular plan, you can use what you want. It is a business decision, and there no reason for any exceptions.
Senior performance improvement specialist
John Peter Smith Hospital
Fort Worth, TX