ISO 9001 Revision explained in simple terms
Statutory and regulatory requirements
In a series of technical lectures, Quality Austria provides information on the revision of ISO 9001:2015. Each month, a key concept of the revision will be explained more profoundly. This month, Eckehard Bauer, MSc, and Ing. Wolfgang Hackenauer, MSc, explain the exciting topic of the statutory and regulatory requirements and show seven steps to legal certainty.
Understanding statutory and regulatory requirements
Eckehard Bauer, MSc, and Wolfgang Hackenauer, MSc
What approach is pursued by ISO 9001:2015?
ISO 9001:2015 can be used to enable organizations to permanently meet the customer requirements as well as the statutory and regulatory requirements that are applicable to the products and services provided by the organizations. Furthermore, statutory and regulatory requirements are significant for the scope of the Standard. ISO 9001:2015 does not include any specific requirements relating to other management systems, e.g. environmental management systems, occupational health and safety management systems or finance management systems.
Examples of statutory requirements:
- laws (Product Liability Act, Act on Electrical Engineering, food law, etc.)
- Regulations and Directives (Machinery Safety Regulation, “CE marking”, Construction Products Directive, etc.)
- administrative decisions (trade licences)
- contracts (delivery contract, customer contract, liability insurance, etc.)
- internal obligations (company agreements, working-time models, plans for personnel development, etc.)
The Figure is to give a rough overview of what Clauses in connection with “statutory and regulatory requirements” (Note: Instead of “statutory and regulatory requirements”, “legal requirements” can also be used) need to be taken into account and of the concrete requirements to be met (e.g. determination of the legal requirements).
Fig. 1: Statutory Requirements
In connection with issues relating to products and services, the topic of legal requirements placed on organizations sometimes is particularly critical.
In order to meet the customers’ expectations and the relevant statutory and regulatory requirements, the organizations are required to determine the relevant requirements and monitor and review relevant information. Furthermore, top management must be capable of demonstrating that the customer requirements as well as applicable statutory and regulatory requirements are determined, understood and met.
Moreover, the organization must be capable of ensuring that it can provide products and services that help the organization to keep promises relating to any statutory and regulatory requirements (feasibility study, contract review). If the organization provides design and development services, applicable statutory and regulatory requirements will have to be considered as design and development input.
When determining the type and extent of control of external provision of processes, products and services, statutory and regulatory requirements will have to be taken into account. These requirements also need to be taken into consideration at post-delivery activities.
Changes to the preceding issue
Up to now, the statutory and regulatory requirements have only been dealt with in the general part.
Now the topic draws a red-thread path through the Standard. However, a comparison with ISO 14001:2015 shows the following: Even though a high level structure is striven for, it is ISO 14001:2015 that closes the control loop. A bow is bent from a commitment to the protection of the environment in environmental policy via performance evaluation to management review.
By systematically implementing these normative requirements relating to the topic of “law”, an organization can take significant steps to becoming fit to meet statutory and regulatory requirements. If statutory and regulatory requirements are not directly transmitted by the customer, it will become necessary to investigate into product and/or service specific obligations.
The REGULATION (EC) No 765/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 basically regulates market surveillance of certain products. The member states have issued national Market Surveillance Programmes.
Market surveillance is aimed at ensuring that products will only be brought into circulation and put into operation if they do not pose any risks and hazards to the safety and health of persons and if they meet other requirements regulated in the relevant Regulations, Directives and Acts. Examples of other topics of market surveillance include accuracy of inspection, measuring and test equipment or good housekeeping with energy.
Excerpt from the Market Surveillance Programme 2016:
- ISO 9001 Revision explained in simple terms – The Context of the Organization
- ISO 9001 Revision explained in simple Terms – The Process Approach
- ISO 9001 Revision explained in simple terms – The concept of “Risk-Based Thinking”
- ISO 9001 Revision explained in simple terms – Performance Evaluation
- ISO 9001 Revision explained in simple terms – Knowledge of the Organization
- ISO 9001 Revision explained in simple terms – Monitoring and Measurement Devices related to Provision of Services
- ISO 9001 Revision explained in simple terms - Competence
- ISO 9001 Revision explained in simple terms - Changes
- ISO 9001 Revision explained in simple terms - Awareness
- ISO 9001 Revision explained in simple terms -Statutory and regulatory requirements