ISO/DIS9001《质量管理体系 要求》(2014国际标准草案)续
****2015.3.12修订
8 Operation
运作
8.1 Operational planning and control
运作的策划与控制
The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in6.1, by:
组织应依据4.4概述策划、实施和控制满足产品和服务提供的要求和实施6.1条款所确定的措施所需的过程,通过:
a) determining requirements for the product and services;
确定产品和服务的要求
b) establishing criteria for the processes and for the acceptance of products and services;
建立过程和产品和服务的接受准则
c) determining the resources needed to achieve conformity to product and service requirements;
确定达到产品和服务要求相一致所需的资源
d) implementing control of the processes in accordance with the criteria;
依据准则实施对过程控制
e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements.
保持必要程度的文件信息,以确信过程已按照策划和证明产品和服务符合的要求实施。
The output of this planning shall be suitable for the organization's operations.
策划的输出应适用于组织的运作
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
组织应控制计划的变更和评审非预期的变更的后果,必要时,采取措施减轻任何不良影响。
The organization shall ensure that outsourced processes are controlled in accordance with 8.4.
组织应确保外包过程是按照8.4控制
8.2 Determination of requirements for products and services
产品和服务的要求的确定
8.2.1 Customer communication
顾客沟通
The organization shall establish the processes for communicating with customers in relation to:
组织应在以下方面建立与顾客沟通:
a) information relating to products and services;
关于产品和服务的信息
b) enquiries, contracts or order handling, including changes;
问询,合同或订单的处理,包括对其的修订
c) obtaining customer views and perceptions, including customer complaints;
获取客户的意见和看法,包括客户抱怨
d) the handling or treatment of customer property, if applicable;
适用时,对顾客财产的处理
e) specific requirements for contingency actions, when relevant.
相关时,应急措施的特定要求
8.2.2 Determination of requirements related to products and services
与产品和服务有关要求的确定
The organization shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to potential customers.
组织应建立、实施和保持一个过程来确定将提供给潜在顾客的产品和服务要求
The organization shall ensure that:
组织应确保:
a) product and service requirements (including those considered necessary by the organization), and applicable statutory and regulatory requirements, are defined;
产品和服务要求(包括那些由组织认为必要时)以及适用的法律法规要求是明确的
b) it has the ability to meet the defined requirements and substantiate the claims for the products and services it offers.
它有能力满足规定的要求和证实其所提供的产品和服务的要求
8.2.3 Review of requirements related to products and services
与产品和服务有关要求的评审
The organization shall review, as applicable:
适用时,组织应评审:
a) requirements specified by the customer, including the requirements for delivery and post-delivery activities;
由顾客规定的要求,包括交付及交付后的活动要求;
b) requirements not stated by the customer, but necessary for the customers' specified or intended use, when known;
非顾客规定的要求,但已知的顾客规定的或预期的用途所必需的要求;
c) additional statutory and regulatory requirements applicable to the products and services;
适用于产品和服务的附加的法律法规的要求
d) contract or order requirements differing from those previously expressed.
与那些先前表述不一致的合同或订单要求
NOTE Requirements can also include those arising from relevant interested parties.
注:也可包括来自相关方所产生的要求
This review shall be conducted prior to the organization’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.
评审应在组织向顾客作出提供产品和服务的承诺之前进行,并应确保与那些先前确定不一致的合同或订单的要求已得到解决。
Where the customer does not provide a documented statement of their requirements, the customer requirements shall be confirmed by the organization before acceptance.
若顾客没有提供形成文件信息的要求,这些顾客的要求应在组织接受前得到确认。
Documented information describing the results of the review, including any new or changed requirements for the products and services, shall be retained.
描述评审结果的记录信息,包括任何新的或变更的产品和服务的要求,应该予以保留。
Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements.
若产品和服务要求发生变更,组织应确保相关记录信息得到修改,并确保相关人员知道已变更的要求。
8.3 Design and development of products and services
产品和服务的设计和开发
8.3.1 General
总则
Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and process.
当组织的产品和服务的详细要求还没有确定或未由顾客或其它相关方定义,但组织有充分条件进行生产和服务提供,组织应建立、实施和保持设计和开发过程的程序。
NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision
注1:组织也可将8.5的要求应用于生产和服务提供过程的开发
NOTE 2 For services, design and development planning can address the whole service delivery process. The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 togther.
注2:针对服务而言,设计和开发的策划可以针对整个服务交付过程,组织因此可以选择考虑8.3和8.5条款在一起的要求
8.3.2 Design and development planning
设计和开发的策划
In determining the stages and controls for design and development, the organization shall consider:
在确定设计和开发阶段和控制时,组织应考虑:
a) the nature, duration and complexity of the design and development activities;
设计和开发活动的类型、持续时间和复杂性
b) requirements that specify particular process stages, including applicable design and development reviews;
指定特定的过程阶段的要求,包括适用的设计和开发评审。
c) the required design and development verification and validation;
所需的设计和开发验证与确认
d) the responsibilities and authorities involved in the design and development process;
参与设计和开发过程的职责和权限
e) the need to control interfaces between individuals and parties involved in the design and development process;
参与设计和开发过程的人员和团体间的接口控制需求
f) the need for involvement of customer and user groups in the design and development process;
在设计和开发过程中需要参与的顾客和用户组
g) the necessary documented information to confirm that design and development requirements have been met.
确认设计和开发要求已得到满足的必要的记录信息。
8.3.3 Design and development Inputs
设计和开发输入
The organization shall determine:
组织应确定:
a) requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements;
设计和开发的特定类型的产品和服务的基本要求,适用时,包括功能要求和性能要求。
b) applicable statutory and regulatory requirements;
适用的法律法规要求
c) standards or codes of practice that the organization has committed to implement;
组织一直致力于实施的行业法规和标准
d) internal and external resource needs for the design and development of products and services;
产品和服务的设计和开发所需的内部资源和外部资源
e) the potential consequences of failure due to the nature of the products and services;
产品和服务的性质引发的潜在的失效后果
f) the level of control expected of the design and development process by customers and other relevant interested parties.
顾客和其他相关方对设计和开发过程预期的控制水平
Inputs shall be adequate for design and development purposes, complete, and unambiguous.
输入应满足设计和开发目的、完整和清楚
Conflicts among inputs shall be resolved.
输入之间的矛盾应当解决
8.3.4 Design and development controls
设计和开发控制
The controls applied to the design and development process shall ensure that:
适用于设计和开发过程的控制应确保:
a) the results to be achieved by the design and development activities are clearly defined;
通过设计和开发活动要实现的结果有明确的规定
b) design and development reviews are conducted as planned;
依据策划的安排对设计和开发进行评审
c) verification is conducted to ensure that the design and development outputs have met the design and development input requirements;
实施验证,以确保设计和开发输出已满足设计和开发输入的要求;
d) validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known).
实施确认,以确保生成的产品和服务能够满足规定的使用要求或预期用途(当已知);
8.3.5 Design and development outputs
设计和开发输出
The organization shall ensure that design and development outputs:
组织应确保设计和开发输出:
a) meet the input requirements for design and development;
满足设计和开发的输入要求
b) are adequate for the subsequent processes for the provision of products and services;
对后续产品和服务提供时充分的
c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable;
适用时,包含或引用监视和测量的要求和接受准则;
d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
确保生产的产品,或者所提供的服务,符合预期的目的和产品和服务的安全和正常使用。
The organization shall retain the documented information resulting from the design and development process.
组织应保留设计和开发过程中产生的文件信息
8.3.6 Design and development changes
设计和开发变更
The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.
组织应评审、控制和识别在产品和服务的设计和开发过程中或随后产生的设计输入和设计输出变更,某种程度上在符合要求方面没有不良影响。
Documented information on design and development changes shall be retained.
设计和开发变更的信息应予以保留
8.4 Control of externally provided products and services
产品和服务提供的外部控制
8.4.1 General
总则
The organization shall ensure that externally provided processes, products, and services conform to specified requirements.
组织应确保外部提供的过程、产品和服务符合规定的要求。
The organization shall apply the specified requirements for the control of externally provided products and services when:
组织应运用为了控制外部提供的产品和服务的规定要求,当:
a) products and services are provided by external providers for incorporation into the organization’s own products and services;
产品和服务是由外部供应商提供构成组织自身的产品和服务;
b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
产品和服务直接由外部供应商代表组织提供给客户;
c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.
外部供方的提供过程或过程的一部分,决定了该组织的外部过程或职能;
The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements.
组织应基于外部供应商按照规定的要求提供过程或产品和服务的能力,建立和应用对外部供应商的评价、选择、绩效的监视和重新评价的准则。
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.
组织应保留外部供应商的评价、绩效的监视和重新评价结果的适当的记录信息
8.4.2 Type and extent of control of external provision
外部提供的控制的类型和程度
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organization shall take into consideration:
在确定适用于外部提供的过程、产品和服务的控制类型与程度时,组织应考虑:
a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;
外部提供的过程、产品和服务关于组织持续满足顾客和适用的法律法规要求的能力的潜在影响;
b) the perceived effectiveness of the controls applied by the external provider.
外部供方对有效实施控制的感知。
The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organization's ability to consistently deliver conforming products and services to its customers.
组织应建立并实施检验或其他必要的活动,以确保外部提供的过程、产品和服务,不影响组织稳定提供给其顾客符合的产品和服务的能力。
Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output.
该组织已外包给外部供应商的过程或功能保持在组织的质量管理体系的范围之内,同时,组织应考虑以上a)和b)项,并明确外部供方以及过程输出的不同控制类型和深度。
8.4.3 Information for external providers
外部供应商的信息
The organization shall communicate to external providers applicable requirements for the following:
组织应与外部供应商沟通如下适用的要求:
a) the products and services to be provided or the processes to be performed on behalf of the organization;
提供的产品和服务或代表组织实施的过程
b) Approval or release of products and services, methods, processes or equipment;
产品和服务、方法、过程或设备的放行或批准
c) competence of personnel, including necessary qualification;
人员的能力,包含必要的资格
d) their interactions with the organization's quality management system;
他们与组织质量管理体系之间的相互作用
e) the control and monitoring of the external provider’s performance to be applied by the organization;
由组织施加的对外部供应商的业绩的控制和监视
f) verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
组织或其顾客,拟在外部供应商现场实施的验证活动
The organization shall ensure the adequacy of specified requirements prior to their communication to the external provider.
在与外部供应商沟通前,组织应确保所规定的要求是充分的
8.5 Production and service provision
产品和服务提供
8.5.1 Control of production and service provision
产品和服务提供的控制
The organization shall implement controlled conditions for production and service provision, including delivery and post-delivery activities.
组织应在受控条件下实施产品和服务提供,包括交付和交付后的活动
Controlled conditions shall include, as applicable:
适用时,受控条件应包括:
a) the availability of documented information that defines the characteristics of the products and services;
表述产品和服务特性的记录信息的可用性
b) the availability of documented information that defines the activities to be performed and the results to be achieved;
获得表述实施的活动及其实施结果的记录信息
c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met.
在适当阶段监视和测量活动证实已满足过程和过程输出的控制准则,及产品和服务的接受准则;
d) the use, and control of suitable infrastructure and process environment;
使用、并控制适宜的基础设施和过程环境;
e) the availability and use of suitable monitoring and measuring resources;
获得和使用适宜的测量和监视资源;
f) the competence and, where applicable, required qualification of persons;
适用情况下,人员的能力和所需的资格
g) the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement;
当结果的输出不能通过后续的监视和测量加以验证时,对实现所策划的任何产品和服务提供过程的结果能力的确认和重新确认
h) the implementation of products and services release, delivery and post-delivery activities.
产品和服务的放行,交付和交付后活动的实施。
8.5.2 Identification and traceability
标识和可追溯性
Where necessary to ensure conformity of products and services, the organization shall use suitable means to identify process outputs.
当必须确保产品和服务的符合性,组织应使用适宜的方法识别过程输出。
The organization shall identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision.
组织应在产品和服务提供的全过程中相对于监视和测量要求识别过程输出的状态。
Where traceability is a requirement, the organization shall control the unique identification of the process outputs, and retain any documented information necessary to maintain traceability.
在有可追溯性要求的场合,组织应控制过程输出的唯一性标识,并保留所有必需的保持可追溯性的记录信息。
NOTE Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.
注:过程输出是任何活动的结果,它将交付给组织的顾客或内部顾客(例如,下一个过程输入的接受者);他们可以包括产品、服务、中间件、零部件等。
8.5.3 Property belonging to customers or external providers
顾客或外部供应商的财产
The organization shall exercise care with property belonging to the customer or external providers while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard the customer’s or external provider’s property provided for use or incorporation into the products and services.
组织应爱护在组织控制下或由组织使用的属于顾客或外部供应商的财产,组织应识别、验证、保护和维护供其使用或构成产品和服务的顾客或外部供应商的财产。
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider.
当顾客或外部供应商的财产被错误使用、丢失、损坏或发现不适用时,组织应向顾客或外部供应商报告。
NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data.
注:顾客财产可以包括:材料、零部件、工具或设备、顾客设施、知识产权和私人信息。
8.5.4 Preservation
产品防护
The organization shall ensure preservation of process outputs during production and service provision, to the extent necessary to maintain conformity to requirements.
组织应确保在产品和服务提供过程中过程输出的防护,在一定程度上必需保持符合要求。
NOTE Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
注:防护可以包括:标识、搬运、包装、贮存、传输或运输、和保护。
8.5.5 Post-delivery activities
交付后的活动
As applicable, the organization shall meet requirements for post-delivery activities associated with the products and services.
适用时,组织应满足与产品和服务相关的交付后的活动要求
In determining the extent of post-delivery activities that are required, the organization shall consider:
在确定被要求的交付后活动所需的程度,组织应考虑:
a) the risks associated with the products and services;
与产品和服务相关的风险
b) the nature, use and intended lifetime of the products and services;
产品和服务的性质、用途和预期寿命
c) customer feedback;
顾客反馈
d) statutory and regulatory requirements.
法律法规要求
NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
注:交付后的活动可以包括:保修条款的措施、诸如维护服务的合同义务,及诸如回收或最终处置等附加服务
8.5.6 Control of changes
变更控制
The organization shall review and control unplanned changes essential for production or service provision to the extent necessary to ensure continuing conformity with specified requirements.
组织应评审和控制用于产品或服务提供必要的非计划的变更,确保持续满足规定的要求
The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.
组织应将变更的评审结果、变更的人员授权、和任何必要的措施的记录信息予以保留
8.6 Release of products and services
产品和服务的放行
The organization shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met. Evidence of conformity with the acceptance criteria shall be retained.
组织应在适当的阶段实施策划的安排,以验证产品和服务要求已得到满足,符合接受准则的证据应予以保留。
The release of products and services to the customer shall not proceed until the planned arrangements for verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. Documented information shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.
除非得到有关授权人员的批准,和适用时得到顾客的批准,否则在策划的符合性验证安排已圆满完成之前,不应向顾客进行产品和服务的放行。记录信息应提供可追溯的授权放行产品和服务以交付给顾客的人员。
8.7 Control of nonconforming process outputs, products and services
不合格的过程输出、产品和服务的控制
The organization shall ensure process outputs, products and services that do not conform to requirements are identified and controlled to prevent their unintended use or delivery.
组织应确保对不符合要求的过程输出、产品和服务得到识别和控制,以防止它们的非预期使用或交付。
The organization shall take appropriate corrective action based on the nature of the nonconformity and its impact on the conformity of products and services. This applies also to nonconforming products and services detected after delivery of the products or during the provision of the service.
组织应基于对产品和服务符合性的不符合性质及其影响采取适当的纠正措施,这也适用于在产品交付后或服务提供过程中发生的不合格产品和服务的处置。
As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more of the following ways:
适用时,组织应用以下一种或多种方法处置不合格的过程输出、产品和服务
a) correction;
纠正
b) segregation, containment, return or suspension of provision of products and services;
隔离、控制、召回或暂停产品和服务的提供
c) informing the customer;
通知顾客
d) obtaining authorization for:
获得以下授权:
use “as-is’;
免责使用
release, continuation or re-provision of the products and services;
放行、继续使用或重新提供产品和服务
acceptance under concession.
让步接受
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.
在不合格的过程输出、产品和服务得到纠正之后,应对其要求的符合性进行验证。
The organization shall retain documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformity.
组织应保留有关不合格的过程输出、产品和服务已采取措施的记录信息,包括获取的任何让步、作出处置不合格决定的人或机构。
8 Operation
运作
8.1 Operational planning and control
运作的策划与控制
The organization shall plan, implement and control the processes, as outlined in 4.4, needed to meet requirements for the provision of products and services and to implement the actions determined in6.1, by:
组织应依据4.4概述策划、实施和控制满足产品和服务提供的要求和实施6.1条款所确定的措施所需的过程,通过:
a) determining requirements for the product and services;
确定产品和服务的要求
b) establishing criteria for the processes and for the acceptance of products and services;
建立过程和产品和服务的接受准则
c) determining the resources needed to achieve conformity to product and service requirements;
确定达到产品和服务要求相一致所需的资源
d) implementing control of the processes in accordance with the criteria;
依据准则实施对过程控制
e) retaining documented information to the extent necessary to have confidence that the processes have been carried out as planned and to demonstrate conformity of products and services to requirements.
保持必要程度的文件信息,以确信过程已按照策划和证明产品和服务符合的要求实施。
The output of this planning shall be suitable for the organization's operations.
策划的输出应适用于组织的运作
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.
组织应控制计划的变更和评审非预期的变更的后果,必要时,采取措施减轻任何不良影响。
The organization shall ensure that outsourced processes are controlled in accordance with 8.4.
组织应确保外包过程是按照8.4控制
8.2 Determination of requirements for products and services
产品和服务的要求的确定
8.2.1 Customer communication
顾客沟通
The organization shall establish the processes for communicating with customers in relation to:
组织应在以下方面建立与顾客沟通:
a) information relating to products and services;
关于产品和服务的信息
b) enquiries, contracts or order handling, including changes;
问询,合同或订单的处理,包括对其的修订
c) obtaining customer views and perceptions, including customer complaints;
获取客户的意见和看法,包括客户抱怨
d) the handling or treatment of customer property, if applicable;
适用时,对顾客财产的处理
e) specific requirements for contingency actions, when relevant.
相关时,应急措施的特定要求
8.2.2 Determination of requirements related to products and services
与产品和服务有关要求的确定
The organization shall establish, implement and maintain a process to determine the requirements for the products and services to be offered to potential customers.
组织应建立、实施和保持一个过程来确定将提供给潜在顾客的产品和服务要求
The organization shall ensure that:
组织应确保:
a) product and service requirements (including those considered necessary by the organization), and applicable statutory and regulatory requirements, are defined;
产品和服务要求(包括那些由组织认为必要时)以及适用的法律法规要求是明确的
b) it has the ability to meet the defined requirements and substantiate the claims for the products and services it offers.
它有能力满足规定的要求和证实其所提供的产品和服务的要求
8.2.3 Review of requirements related to products and services
与产品和服务有关要求的评审
The organization shall review, as applicable:
适用时,组织应评审:
a) requirements specified by the customer, including the requirements for delivery and post-delivery activities;
由顾客规定的要求,包括交付及交付后的活动要求;
b) requirements not stated by the customer, but necessary for the customers' specified or intended use, when known;
非顾客规定的要求,但已知的顾客规定的或预期的用途所必需的要求;
c) additional statutory and regulatory requirements applicable to the products and services;
适用于产品和服务的附加的法律法规的要求
d) contract or order requirements differing from those previously expressed.
与那些先前表述不一致的合同或订单要求
NOTE Requirements can also include those arising from relevant interested parties.
注:也可包括来自相关方所产生的要求
This review shall be conducted prior to the organization’s commitment to supply products and services to the customer and shall ensure contract or order requirements differing from those previously defined are resolved.
评审应在组织向顾客作出提供产品和服务的承诺之前进行,并应确保与那些先前确定不一致的合同或订单的要求已得到解决。
Where the customer does not provide a documented statement of their requirements, the customer requirements shall be confirmed by the organization before acceptance.
若顾客没有提供形成文件信息的要求,这些顾客的要求应在组织接受前得到确认。
Documented information describing the results of the review, including any new or changed requirements for the products and services, shall be retained.
描述评审结果的记录信息,包括任何新的或变更的产品和服务的要求,应该予以保留。
Where requirements for products and services are changed, the organization shall ensure that relevant documented information is amended and that relevant personnel are made aware of the changed requirements.
若产品和服务要求发生变更,组织应确保相关记录信息得到修改,并确保相关人员知道已变更的要求。
8.3 Design and development of products and services
产品和服务的设计和开发
8.3.1 General
总则
Where the detailed requirements of the organization’s products and services are not already established or not defined by the customer or by other interested parties, such that they are adequate for subsequent production or service provision, the organization shall establish, implement and maintain a design and process.
当组织的产品和服务的详细要求还没有确定或未由顾客或其它相关方定义,但组织有充分条件进行生产和服务提供,组织应建立、实施和保持设计和开发过程的程序。
NOTE 1 The organization can also apply the requirements given in 8.5 to the development of processes for production and services provision
注1:组织也可将8.5的要求应用于生产和服务提供过程的开发
NOTE 2 For services, design and development planning can address the whole service delivery process. The organization can therefore choose to consider the requirements of clauses 8.3 and 8.5 togther.
注2:针对服务而言,设计和开发的策划可以针对整个服务交付过程,组织因此可以选择考虑8.3和8.5条款在一起的要求
8.3.2 Design and development planning
设计和开发的策划
In determining the stages and controls for design and development, the organization shall consider:
在确定设计和开发阶段和控制时,组织应考虑:
a) the nature, duration and complexity of the design and development activities;
设计和开发活动的类型、持续时间和复杂性
b) requirements that specify particular process stages, including applicable design and development reviews;
指定特定的过程阶段的要求,包括适用的设计和开发评审。
c) the required design and development verification and validation;
所需的设计和开发验证与确认
d) the responsibilities and authorities involved in the design and development process;
参与设计和开发过程的职责和权限
e) the need to control interfaces between individuals and parties involved in the design and development process;
参与设计和开发过程的人员和团体间的接口控制需求
f) the need for involvement of customer and user groups in the design and development process;
在设计和开发过程中需要参与的顾客和用户组
g) the necessary documented information to confirm that design and development requirements have been met.
确认设计和开发要求已得到满足的必要的记录信息。
8.3.3 Design and development Inputs
设计和开发输入
The organization shall determine:
组织应确定:
a) requirements essential for the specific type of products and services being designed and developed, including, as applicable, functional and performance requirements;
设计和开发的特定类型的产品和服务的基本要求,适用时,包括功能要求和性能要求。
b) applicable statutory and regulatory requirements;
适用的法律法规要求
c) standards or codes of practice that the organization has committed to implement;
组织一直致力于实施的行业法规和标准
d) internal and external resource needs for the design and development of products and services;
产品和服务的设计和开发所需的内部资源和外部资源
e) the potential consequences of failure due to the nature of the products and services;
产品和服务的性质引发的潜在的失效后果
f) the level of control expected of the design and development process by customers and other relevant interested parties.
顾客和其他相关方对设计和开发过程预期的控制水平
Inputs shall be adequate for design and development purposes, complete, and unambiguous.
输入应满足设计和开发目的、完整和清楚
Conflicts among inputs shall be resolved.
输入之间的矛盾应当解决
8.3.4 Design and development controls
设计和开发控制
The controls applied to the design and development process shall ensure that:
适用于设计和开发过程的控制应确保:
a) the results to be achieved by the design and development activities are clearly defined;
通过设计和开发活动要实现的结果有明确的规定
b) design and development reviews are conducted as planned;
依据策划的安排对设计和开发进行评审
c) verification is conducted to ensure that the design and development outputs have met the design and development input requirements;
实施验证,以确保设计和开发输出已满足设计和开发输入的要求;
d) validation is conducted to ensure that the resulting products and services are capable of meeting the requirements for the specified application or intended use (when known).
实施确认,以确保生成的产品和服务能够满足规定的使用要求或预期用途(当已知);
8.3.5 Design and development outputs
设计和开发输出
The organization shall ensure that design and development outputs:
组织应确保设计和开发输出:
a) meet the input requirements for design and development;
满足设计和开发的输入要求
b) are adequate for the subsequent processes for the provision of products and services;
对后续产品和服务提供时充分的
c) include or reference monitoring and measuring requirements, and acceptance criteria, as applicable;
适用时,包含或引用监视和测量的要求和接受准则;
d) ensure products to be produced, or services to be provided, are fit for intended purpose and their safe and proper use.
确保生产的产品,或者所提供的服务,符合预期的目的和产品和服务的安全和正常使用。
The organization shall retain the documented information resulting from the design and development process.
组织应保留设计和开发过程中产生的文件信息
8.3.6 Design and development changes
设计和开发变更
The organization shall review, control and identify changes made to design inputs and design outputs during the design and development of products and services or subsequently, to the extent that there is no adverse impact on conformity to requirements.
组织应评审、控制和识别在产品和服务的设计和开发过程中或随后产生的设计输入和设计输出变更,某种程度上在符合要求方面没有不良影响。
Documented information on design and development changes shall be retained.
设计和开发变更的信息应予以保留
8.4 Control of externally provided products and services
产品和服务提供的外部控制
8.4.1 General
总则
The organization shall ensure that externally provided processes, products, and services conform to specified requirements.
组织应确保外部提供的过程、产品和服务符合规定的要求。
The organization shall apply the specified requirements for the control of externally provided products and services when:
组织应运用为了控制外部提供的产品和服务的规定要求,当:
a) products and services are provided by external providers for incorporation into the organization’s own products and services;
产品和服务是由外部供应商提供构成组织自身的产品和服务;
b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
产品和服务直接由外部供应商代表组织提供给客户;
c) a process or part of a process is provided by an external provider as a result of a decision by the organization to outsource a process or function.
外部供方的提供过程或过程的一部分,决定了该组织的外部过程或职能;
The organization shall establish and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with specified requirements.
组织应基于外部供应商按照规定的要求提供过程或产品和服务的能力,建立和应用对外部供应商的评价、选择、绩效的监视和重新评价的准则。
The organization shall retain appropriate documented information of the results of the evaluations, monitoring of the performance and re-evaluations of the external providers.
组织应保留外部供应商的评价、绩效的监视和重新评价结果的适当的记录信息
8.4.2 Type and extent of control of external provision
外部提供的控制的类型和程度
In determining the type and extent of controls to be applied to the external provision of processes, products and services, the organization shall take into consideration:
在确定适用于外部提供的过程、产品和服务的控制类型与程度时,组织应考虑:
a) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;
外部提供的过程、产品和服务关于组织持续满足顾客和适用的法律法规要求的能力的潜在影响;
b) the perceived effectiveness of the controls applied by the external provider.
外部供方对有效实施控制的感知。
The organization shall establish and implement verification or other activities necessary to ensure the externally provided processes, products and services do not adversely affect the organization's ability to consistently deliver conforming products and services to its customers.
组织应建立并实施检验或其他必要的活动,以确保外部提供的过程、产品和服务,不影响组织稳定提供给其顾客符合的产品和服务的能力。
Processes or functions of the organization which have been outsourced to an external provider remain within the scope of the organization’s quality management system; accordingly, the organization shall consider a) and b) above and define both the controls it intends to apply to the external provider and those it intends to apply to the resulting process output.
该组织已外包给外部供应商的过程或功能保持在组织的质量管理体系的范围之内,同时,组织应考虑以上a)和b)项,并明确外部供方以及过程输出的不同控制类型和深度。
8.4.3 Information for external providers
外部供应商的信息
The organization shall communicate to external providers applicable requirements for the following:
组织应与外部供应商沟通如下适用的要求:
a) the products and services to be provided or the processes to be performed on behalf of the organization;
提供的产品和服务或代表组织实施的过程
b) Approval or release of products and services, methods, processes or equipment;
产品和服务、方法、过程或设备的放行或批准
c) competence of personnel, including necessary qualification;
人员的能力,包含必要的资格
d) their interactions with the organization's quality management system;
他们与组织质量管理体系之间的相互作用
e) the control and monitoring of the external provider’s performance to be applied by the organization;
由组织施加的对外部供应商的业绩的控制和监视
f) verification activities that the organization, or its customer, intends to perform at the external provider’s premises.
组织或其顾客,拟在外部供应商现场实施的验证活动
The organization shall ensure the adequacy of specified requirements prior to their communication to the external provider.
在与外部供应商沟通前,组织应确保所规定的要求是充分的
8.5 Production and service provision
产品和服务提供
8.5.1 Control of production and service provision
产品和服务提供的控制
The organization shall implement controlled conditions for production and service provision, including delivery and post-delivery activities.
组织应在受控条件下实施产品和服务提供,包括交付和交付后的活动
Controlled conditions shall include, as applicable:
适用时,受控条件应包括:
a) the availability of documented information that defines the characteristics of the products and services;
表述产品和服务特性的记录信息的可用性
b) the availability of documented information that defines the activities to be performed and the results to be achieved;
获得表述实施的活动及其实施结果的记录信息
c) monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met.
在适当阶段监视和测量活动证实已满足过程和过程输出的控制准则,及产品和服务的接受准则;
d) the use, and control of suitable infrastructure and process environment;
使用、并控制适宜的基础设施和过程环境;
e) the availability and use of suitable monitoring and measuring resources;
获得和使用适宜的测量和监视资源;
f) the competence and, where applicable, required qualification of persons;
适用情况下,人员的能力和所需的资格
g) the validation, and periodic revalidation, of the ability to achieve planned results of any process for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement;
当结果的输出不能通过后续的监视和测量加以验证时,对实现所策划的任何产品和服务提供过程的结果能力的确认和重新确认
h) the implementation of products and services release, delivery and post-delivery activities.
产品和服务的放行,交付和交付后活动的实施。
8.5.2 Identification and traceability
标识和可追溯性
Where necessary to ensure conformity of products and services, the organization shall use suitable means to identify process outputs.
当必须确保产品和服务的符合性,组织应使用适宜的方法识别过程输出。
The organization shall identify the status of process outputs with respect to monitoring and measurement requirements throughout production and service provision.
组织应在产品和服务提供的全过程中相对于监视和测量要求识别过程输出的状态。
Where traceability is a requirement, the organization shall control the unique identification of the process outputs, and retain any documented information necessary to maintain traceability.
在有可追溯性要求的场合,组织应控制过程输出的唯一性标识,并保留所有必需的保持可追溯性的记录信息。
NOTE Process outputs are the results of any activities which are ready for delivery to the organization’s customer or to an internal customer (e.g. receiver of the inputs to the next process); they can include products, services, intermediate parts, components, etc.
注:过程输出是任何活动的结果,它将交付给组织的顾客或内部顾客(例如,下一个过程输入的接受者);他们可以包括产品、服务、中间件、零部件等。
8.5.3 Property belonging to customers or external providers
顾客或外部供应商的财产
The organization shall exercise care with property belonging to the customer or external providers while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard the customer’s or external provider’s property provided for use or incorporation into the products and services.
组织应爱护在组织控制下或由组织使用的属于顾客或外部供应商的财产,组织应识别、验证、保护和维护供其使用或构成产品和服务的顾客或外部供应商的财产。
When property of the customer or external provider is incorrectly used, lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider.
当顾客或外部供应商的财产被错误使用、丢失、损坏或发现不适用时,组织应向顾客或外部供应商报告。
NOTE Customer property can include material, components, tools and equipment, customer premises, intellectual property and personal data.
注:顾客财产可以包括:材料、零部件、工具或设备、顾客设施、知识产权和私人信息。
8.5.4 Preservation
产品防护
The organization shall ensure preservation of process outputs during production and service provision, to the extent necessary to maintain conformity to requirements.
组织应确保在产品和服务提供过程中过程输出的防护,在一定程度上必需保持符合要求。
NOTE Preservation can include identification, handling, packaging, storage, transmission or transportation, and protection.
注:防护可以包括:标识、搬运、包装、贮存、传输或运输、和保护。
8.5.5 Post-delivery activities
交付后的活动
As applicable, the organization shall meet requirements for post-delivery activities associated with the products and services.
适用时,组织应满足与产品和服务相关的交付后的活动要求
In determining the extent of post-delivery activities that are required, the organization shall consider:
在确定被要求的交付后活动所需的程度,组织应考虑:
a) the risks associated with the products and services;
与产品和服务相关的风险
b) the nature, use and intended lifetime of the products and services;
产品和服务的性质、用途和预期寿命
c) customer feedback;
顾客反馈
d) statutory and regulatory requirements.
法律法规要求
NOTE Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
注:交付后的活动可以包括:保修条款的措施、诸如维护服务的合同义务,及诸如回收或最终处置等附加服务
8.5.6 Control of changes
变更控制
The organization shall review and control unplanned changes essential for production or service provision to the extent necessary to ensure continuing conformity with specified requirements.
组织应评审和控制用于产品或服务提供必要的非计划的变更,确保持续满足规定的要求
The organization shall retain documented information describing the results of the review of changes, the personnel authorizing the change, and any necessary actions.
组织应将变更的评审结果、变更的人员授权、和任何必要的措施的记录信息予以保留
8.6 Release of products and services
产品和服务的放行
The organization shall implement the planned arrangements at appropriate stages to verify that product and service requirements have been met. Evidence of conformity with the acceptance criteria shall be retained.
组织应在适当的阶段实施策划的安排,以验证产品和服务要求已得到满足,符合接受准则的证据应予以保留。
The release of products and services to the customer shall not proceed until the planned arrangements for verification of conformity have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer. Documented information shall provide traceability to the person(s) authorizing release of products and services for delivery to the customer.
除非得到有关授权人员的批准,和适用时得到顾客的批准,否则在策划的符合性验证安排已圆满完成之前,不应向顾客进行产品和服务的放行。记录信息应提供可追溯的授权放行产品和服务以交付给顾客的人员。
8.7 Control of nonconforming process outputs, products and services
不合格的过程输出、产品和服务的控制
The organization shall ensure process outputs, products and services that do not conform to requirements are identified and controlled to prevent their unintended use or delivery.
组织应确保对不符合要求的过程输出、产品和服务得到识别和控制,以防止它们的非预期使用或交付。
The organization shall take appropriate corrective action based on the nature of the nonconformity and its impact on the conformity of products and services. This applies also to nonconforming products and services detected after delivery of the products or during the provision of the service.
组织应基于对产品和服务符合性的不符合性质及其影响采取适当的纠正措施,这也适用于在产品交付后或服务提供过程中发生的不合格产品和服务的处置。
As applicable, the organization shall deal with nonconforming process outputs, products and services in one or more of the following ways:
适用时,组织应用以下一种或多种方法处置不合格的过程输出、产品和服务
a) correction;
纠正
b) segregation, containment, return or suspension of provision of products and services;
隔离、控制、召回或暂停产品和服务的提供
c) informing the customer;
通知顾客
d) obtaining authorization for:
获得以下授权:
use “as-is’;
免责使用
release, continuation or re-provision of the products and services;
放行、继续使用或重新提供产品和服务
acceptance under concession.
让步接受
Where nonconforming process outputs, products and services are corrected, conformity to the requirements shall be verified.
在不合格的过程输出、产品和服务得到纠正之后,应对其要求的符合性进行验证。
The organization shall retain documented information of actions taken on nonconforming process outputs, products and services, including on any concessions obtained and on the person or authority that made the decision regarding dealing with the nonconformity.
组织应保留有关不合格的过程输出、产品和服务已采取措施的记录信息,包括获取的任何让步、作出处置不合格决定的人或机构。