This month's first question

ISO 9001:2015 clause 4.2 requires an organization to determine relevant interested parties and their relevant requirements. How extensive should the list of needs and expectations be? Is a list of common generic needs enough?

Our response

Interested parties are the stakeholders who receive or are affected by the organization’s products or services, or the parties who otherwise have a significant interest in the organization. This includes customers, owners, suppliers, partners, competitors and people in the organization.

Because understanding the expectations of interested parties is a new requirement in ISO 9001:2015, an organization should allow itself time to develop an understanding of its internal and external stakeholder interests that are relevant to its quality management system (QMS). This information should be gathered, reviewed and monitored regularly through different meetings, such as management review meetings.

The list of interested parties is not generic because a QMS differs from organization to organization, and the needs and expectations of an organization’s interested parties may change over time. An organization also must consider what interested party requirements are relevant to its QMS.

Therefore, the list of relevant interested parties should be determined based on their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements. By monitoring and reviewing information about interested parties and their relevant requirements, those requirements might become inputs into the organization’s QMS and products.

This response was written by Mahboubeh Shabani, senior quality engineer supervisor, Trojan Battery Co., Santa Fe Springs, CA.

This month's second question

Does ISO 9001:2015 or AS9100D differentiate “deviations” from “waivers”? Historically, a deviation has been defined as a request to accept a nonconformance that is understood prior to work starting, while a waiver applies to a nonconformance found during production.

Our response

My experience has led to the same understanding of these terms. However, neither term is mentioned in either of these standards, except that “deviation” is used when discussing risk-based thinking. Neither standard mentions a nonconformance being associated with taking exception to a specified requirement, which is a deviation or departure from a specified requirement, which—if accepted by the customer—is a waiver.

When a request for quote or an unsolicited order is received, the organization must thoroughly review the customer’s requirements before agreeing to supply products or services.

Specific to AS9100D, which uses the term “amended” versus “deviation” or “waiver,” the following is described in subclause “If upon review the organization determines that some customer requirements cannot be met or can only partially be met, the organization shall negotiate a mutually acceptable requirement with the customer.”1 This is considered a deviation.

Whereas Military Handbook 61A: Configuration Control, Clause 6.3—Request for Deviation has this definition: “A deviation is a specific written authorization to depart from a particular requirement(s) of an item’s current approved configuration documentation for a specific number of units or a specified period of time.”2

Military Standard 973 (cancelled without replacement on Sept. 30, 2000), clause 3.31, provides an additional definition, which clarifies a deviation from an engineering change. An approved engineering change requires corresponding revision of the item’s current approved configuration documentation, whereas a deviation does not.3

Often, terms and conditions of purchase orders will define a waiver as: “A waiver is an unplanned variance from the configuration documentation specified on the purchase order requiring written authorization to accept an item which, during manufacture, or after having been submitted for inspection or acceptance (including test), is found to depart from specified requirements, but nevertheless is considered suitable for ‘use as is’ or after repair by an approved method.”

Part of the contract review activity includes a comparison to the quote sent to the customer to verify that the order reflects the same exact requirements and has not imposed requirements differing from those previously expressed.

With multiple standards that directly relate to configuration management, the need to differentiate “deviations” from “waivers” in these quality management standards is basically redundant.


  1. Society of Automotive Engineers International, AS9001D—Quality management systems—Requirements for aviation, space, and defense organizations, subclause
  2. Department of Defense (DoD), Military Handbook 61A: Configuration Management Guidance, clause 6.3, https://tinyurl.com/yczdvc23.
  3. DoD, Military Standard 973: Configuration Management, https://tinyurl.com/ybyh5xk5.

This response was written by Bernie Carpenter, lead auditor, Carpenter Services Group, Inc., Costa Mesa, CA, and reviewed by Wayne Drysol, quality assurance director, 3V Fasteners, Corona, CA.

The AS9100 D requirement "If upon review the organization determines that some customer requirements cannot be met or can only partially be met, the organization shall negotiate a mutually acceptable requirement with the customer" is not a deviation unless the order has already been accepted. In pre-order acceptance negotiations, during which the customer and the organization are determining which requirements the organization will meet, none have been formally accepted. As a result, there can be no deviation. In Aerospace, a commonly heard phrase is "A deviation is a request for permission to deviate from previously accepted requirement prior to production of the item; a waiver is asking forgiveness for and request for the customer to accept unmet requirements after the item has been produced.
--Phil Scott, 01-13-2019

ISO 9000:2015 does not have a definition for waiver. However, it does have a definition for deviation (3.12.6) "permission to depart from original specified requirements (3.6.4) of a product (3.7.6) or service (3.7.7) PRIOR to realization. As in contract review. A concession is permission to use or release a product or service that does not conform to specified requirements, note 1 concession is generally limited to the delivery of products and services that have a nonconforming characteristics within specified limits and is generally given for a limited quantity of products... or period of time, and for a specific use. So a deviation is identified in contract review and is an open ended specification consideration known before production. Concession is after product realization and waiver is not defined.
--Sherri Gallagher, 01-12-2019

Average Rating


Out of 2 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers