8.5.5 Post - delivery activities

For example, you can ask if there are any legal requirements related to guarantees or complementary services, such as recycling and final disposal. From there you can ask if they are planned, you can ask for records about their treatment and check if planned procedures are followed, you can ask for any performance monitoring and evaluation records.

The following material will provide you information about post-delivery activities:

• ISO 9001 – ISO 9001:2015 clause 8.5 Product realization – Practical examples for compliance - https://advisera.com/9001academy/blog/2015/11/03/iso-90012015-clause-8-5-product-realization-practical-examples-for-compliance/
• Managing Production an d Service Provision using ISO 9001 - https://advisera.com/9001academy/blog/2017/11/21/managing-production-and-service-provision-using-iso-9001/
• Understanding Product & Service Provision in ISO 9001 - https://advisera.com/9001academy/blog/2014/10/07/understanding-product-service-provision-iso-9001/
• ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/
• Book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/

Thank you. This is very helpful and guidance to understand what questions to ask related to technical support.

What clasue would cyber-securities related process fall under? 

I’ve always considered cyber-security related issues under clause 7.5.3

As a minimum I recommend considering: access control; backups; anti-virus and firewalls.

Carlos,

I do not understand how cyber-secuirty falls under clause 7.5.3 Control of Document information? From my understanding, this clasue explains how processes and procedures are documented, controlled, updated, retained,  stored, version update, etc. Please advise.

According to clause 7.5.2 b) documents can be in several formats and supports suitable for use: on paper, in electronic format, as instructions in a computer application, as a graphic scheme, as a photograph of a defect, etc.

How do you ensure conformity to clause 7.5.2 c) in an electronic environment? Access control and different permissions levels

How do you ensure conformity to clause 7.5.3.1 b) in an electronic environment? Backups, antivirus, firewalls

How do you ensure conformity to clause 7.5.3.2 b) in an electronic environment? Backups, antivirus, firewalls

How do you ensure conformity to clause 7.5.3.2 c) in an electronic environment? Access control and different permissions

Oh I see. I failed to explain what cyber-security means for our company. When we say cyber-security, it refers to cyber-security for our products. We have a process in place to manage vulnerabilites of our products if dectected through internal testing, internal reporting, and/or external reporting and how we  react and resolve that. What would this specfic process fall under?

That changes my answer completely:

• internal testing – 8.6 and 8.7 (your quality control. One event may trigger action)
• internal reporting – 9.1.3 (your performance evaluation. A trend may trigger action)
• external reporting – 8.2.1 c); 9.1.2 and 10.2 (complaints, market or customer surveys, …)
   

Hope we both settled the issue

Yes, that helps! I was leaning towards 8.5.1 but I see why the listed clause above would cover the process we are auditing! Thank you very much! 

What clause would I use for certificates and lab testing required for products?

If we are talking about purchased products that your organization wants to control in terms of quality, I would consider 8.4.2

If we are talking about manufactured products that we want to deliver and want to ensure quality, I would consider 8.5.1 a) and 8.6

I hope I understood your question well

Yes, the certificates are for the products we manufacture and provide to our customers. Thank you!.

We have a proces aid Global Sales in the selection and management of channel partners. What clasue would this fall under? 8 or 8.4?

Consider the example of a small manufacturing company that want to sell their branded product through a big wholesaler chain. Most certainly, in this case, the relevant clause is 8.2. The wholesaler has all the power and they will pay a price for each order.

If the manufacturing company pays directly to the channel partner a kind of rent to “own” a shelf to display the product to consumers then the relevant clause is 8.4.