ISO/IEC TS 33053:2019

TECHNICAL ISO/IEC TS
SPECIFICATION 33053
First edition
2019-11
Information technology — Process
assessment — Process Reference
Model (PRM) for quality management
Technologies de l'information — Évaluation du processus — Modèle
de référence de processus pour la gestion de la qualité
Reference number
©
ISO/IEC 2019
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Overview of the process reference model . 1
5 Process descriptions . 2
5.1 General . 2
5.2 COM.01 Communication management . 3
5.3 COM.02 Documentation management . 3
5.4 COM.03 Human resource management . 4
5.5 COM.04 Improvement . 5
5.6 COM.05 Internal audit. 5
5.7 COM.06 Management review . 6
5.8 COM.07 Non-conformity management . 6
5.9 COM.08 Operational planning . 6
5.10 COM.09 Operational implementation and control . 7
5.11 COM.10 Performance evaluation . 8
5.12 COM.11 Risk management . 9
5.13 ORG.01 Asset management . 9
5.14 ORG.02 Measurement resource management . 9
5.15 ORG.03 Supplier management .10
5.16 TEC.01 Configuration management .10
5.17 TEC.02 Process changes .11
5.18 TEC.03 Product/service changes .11
5.19 TEC.04 Product/service design .11
5.20 TEC.05 Product/service planning .11
5.21 TEC.06 Product/service quarantine .12
5.22 TEC.07 Product/service requirements .12
5.23 TEC.08 Product/service review .13
5.24 TEC.09 Product/service supply .13
5.25 TEC.10 Product/service validation .14
5.26 TEC.11 Product/service verification .14
5.27 TOP.01 Leadership .14
Annex A (informative) The relationship between management system requirements and a
process reference model .16
Annex B (informative) Statement of conformity to ISO/IEC 33004 .55
Bibliography .57
© ISO/IEC 2019 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 7, Systems and Software Engineering.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2019 – All rights reserved

Introduction
The purpose of this document is to facilitate the development of a process assessment model described
in ISO/IEC TS 33073.
ISO/IEC 33002 describes the requirements for the conduct of an assessment. ISO/IEC 33004 describes
the requirements for process reference, process assessment and maturity models. ISO/IEC 33020
describes the measurement scale for assessing the process quality characteristic of process capability.
ISO/IEC 33001 describes the concepts and terminology used for process assessment.
A process reference model is a model comprising definitions of processes described in terms of process
purpose and outcomes, together with an architecture describing the relationships between the
processes. Using the process reference model in a practical application can require additional elements
suited to the environment and circumstances.
The process reference model specified in this document describes the processes including the quality
management system processes implied by ISO 9001. Each process of this process reference model
is described in terms of a purpose and outcomes, and provides traceability to requirements. The
process reference model does not attempt to place the processes in any specific environment nor does
it pre-determine any level of process capability required to fulfil the ISO 9001 requirements. The
process reference model is not intended to be used for a conformity assessment audit or as a process
implementation reference guide.
The relationships between ISO 9001, ISO/IEC TR 24774, ISO/IEC 33002, ISO/IEC 33004, ISO/IEC 33020,
ISO/IEC TS 33053 and ISO/IEC TS 33073 are shown in Figure 1.
Figure 1 — Relationships between relevant standards
Any organization can define processes with additional elements in order to suit it to its specific
environment and circumstances. Some processes cover general management aspects of an organization.
These processes have been identified in order to give coverage to the requirements of ISO 9001.
The process reference model does not provide the evidence required by ISO 9001. The process reference
model does not specify the interfaces between the processes.
This document describes a process reference model for quality management with descriptions of
processes in Clause 5. Annex A describes the relationship between management system requirements
© ISO/IEC 2019 – All rights reserved v

and process model elements. Annex B provides the statement of conformity in accordance with
ISO/IEC 33004.
vi © ISO/IEC 2019 – All rights reserved

TECHNICAL SPECIFICATION ISO/IEC TS 33053:2019(E)
Information technology — Process assessment — Process
Reference Model (PRM) for quality management
1 Scope
This document defines a process reference model for the domain of quality management.
The model specifies a process architecture for the domain and comprises a set of processes. Each
process is described in terms of process purpose and outcomes.
NOTE Users of this document can freely reproduce the detailed descriptions contained in this process
reference model as part of any tool or other material to support the performance of process assessments, so that
it can be used for its intended purpose.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 33001, Information technology — Process assessment — Concepts and terminology
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 33001 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
4 Overview of the process reference model
This clause describes the structure of a process reference model to support quality management.
The process reference model includes processes, which can already exist in the context of a quality
management system of a service provider.
Figure 2 identifies the processes derived from ISO 9001 requirements. Three process groups are
identified, namely, common processes, technical processes and organizational processes. The term
"common processes" refers to those processes identified with the text in the management system
subclauses that is common to all management system standards. The term "technical processes" refers
to processes associated with the technical domain of the application standard. In the present case of
ISO 9001, the technical processes underpin the implementation of those requirements associated with
the creation or support of products and services. "organizational processes" refers to those processes
that support the implementation of the requirements for products and services.
© ISO/IEC 2019 – All rights reserved 1

Figure 2 — Processes in the process reference model
5 Process descriptions
5.1 General
The process descriptions in this process reference model are defined following the guidance set out in
ISO/IEC TR 24774. Each process in the process reference model has the following descriptive elements.
a) Process ID: each process belonging to a group is identified with a process identifier (ID) consisting
of the group abbreviated name and a sequential number of the process in that group.
b) Name: the name of a process is a short phrase that summarizes the scope of the process, identifying
the principal concern of the process, and distinguishes it from other processes within the scope of
the process reference model.
c) Purpose: the purpose of the process is a high level, overall goal for performing the process.
d) Outcomes: an outcome is an observable result of the successful achievement of the process purpose.
Outcomes are measurable, tangible, technical or business results that are achieved by a process.
Outcomes are observable and assessable.
e) Requirements traceability: the outcomes are based on the requirements of ISO 9001. The references
identify the applicable subclauses of ISO 9001, the subclause heading, and the outcomes that are
supported.
In 5.2 to 5.27, all entries in the requirements traceability row end with numbers in square brackets,
(i.e. [n]). Each number in the square brackets is a reference to a numbered outcome. These outcomes are
directly linked to the requirements of ISO 9001.
Some outcomes are shown in square brackets. These are only indirectly linked to requirements of
ISO 9001. The outcomes in square brackets are not referenced by any of the entries in the requirements
traceability row. These additional outcomes have been included because they are considered necessary
2 © ISO/IEC 2019 – All rights reserved

in order for this type of process reference model to serve as the basis of the process assessment model
(ISO/IEC TS 33073). With these additional outcomes, the process is complete and the process purpose
can be achieved.
5.2 COM.01 Communication management
Process ID COM.01
Name Communication management
Purpose The purpose of communication management is to produce timely and accurate in-
formation products to support effective communication and decision making.
Outcomes As a result of successful implementation of this process:
[1)  Information content is defined in terms of identified communication requirements.]
2)  Parties to communicate with are identified.
3)  The party responsible for the communication is identified.
4)  Events that require communication actions are identified.
5)  The channel for the communication is selected.
6)  Information products are communicated to relevant interested parties.
Requirements ISO 9001:2015, 5.1.1, General [6]
traceability
ISO 9001:2015, 5.2.2, Communicating the quality policy [6]
ISO 9001:2015, 7.4, Communication [2][3][4][5]
ISO 9001:2015, 8.2.4, Changes to requirements for products and services [6]
ISO 9001:2015, 8.4.3, Information for external providers [6]
ISO 9001:2015, 8.7.1 [6]
ISO 9001:2015, 9.2.2 [6]
5.3 COM.02 Documentation management
Process ID COM.02
Name Documentation management
Purpose The purpose of document management is to provide relevant, timely, complete,
valid documented information to designated parties.
Outcomes As a result of successful implementation of this process:
1)  Documented information to be documented is identified.
2)  The forms of documented information representation are defined.
3)  The documented information content status is known.
4)  Documented information is current, complete and valid.
5)  Documented information is released according to defined criteria.
6)  Documented information is available to relevant interested parties.
7)  Documented information is archived, or disposed of, as required.
© ISO/IEC 2019 – All rights reserved 3

Requirements ISO 9001:2015, 4.3, Determining the scope of the quality management system [1][3]
traceability
ISO 9001:2015, 5.2.2, Communicating the quality policy [1][4][6]
ISO 9001:2015, 6.2.1 [3][4]
ISO 9001:2015, 7.1.5.1, General [1]
ISO 9001:2015, 7.1.6, Organizational knowledge [4][6]
ISO 9001:2015, 7.2, Competence [1]
ISO 9001:2015, 7.5.2, Creating and updating [2][5]
ISO 9001:2015, 7.5.3.1 [4][6]
ISO 9001:2015, 7.5.3.2 [2][4][6][7]
ISO 9001:2015, 8.1, Operational planning and control [1]
ISO 9001:2015, 8.2.3.2 [1]
ISO 9001:2015, 8.2.4, Changes to requirements for products and services [3][4]
ISO 9001:2015, 8.3.2, Design and development planning [1]
ISO 9001:2015, 8.3.3, Design and development inputs [1]
ISO 9001:2015, 8.3.4, Design and development controls [1]
ISO 9001:2015, 8.3.5, Design and development outputs [1]
ISO 9001:2015, 8.3.6, Design and development changes [1]
ISO 9001:2015, 8.4.1, General [1]
ISO 9001:2015, 8.5.1, Control of production and service provision [1]
ISO 9001:2015, 8.5.2, Identification and traceability [1]
ISO 9001:2015, 8.5.3, Property belonging to customers or external providers [1]
ISO 9001:2015, 8.5.6, Control of changes [1]
ISO 9001:2015, 8.6, Release of products and services [5]
ISO 9001:2015, 8.7.2 [1]
ISO 9001:2015, 9.1.1, General [1]
ISO 9001:2015, 9.2.2 [1]
ISO 9001:2015, 9.3.3, Management review outputs [1]
ISO 9001:2015, 10.2.2 [1]
5.4 COM.03 Human resource management
Process ID COM.03
Name Human resource management
Purpose The purpose of human resource management is to provide the organization with
necessary competent human resources and to improve their competencies, in align-
ment with business needs.
Outcomes As a result of successful implementation of this process:
1)  The competencies required by the organization to produce products and servic-
es are identified.
2)  Identified competency gaps are filled through training or recruitment.
3)  Understanding of roles and activities in achieving organisational objectives in
product and service provision is demonstrated by each person.
4 © ISO/IEC 2019 – All rights reserved

Requirements ISO 9001:2015, 7.2, Competence [1][2]
traceability
ISO 9001:2015, 7.3, Awareness [3]
5.5 COM.04 Improvement
Process ID COM.04
Name Improvement
Purpose The purpose of improvement is to continually improve the management system, its
processes, products and services.
Outcomes As a result of successful implementation of this process:
1)  Opportunities for improvement are identified.
2)  Opportunities for improvement are evaluated against defined criteria.
[3)  Improvements are prioritized.]
[4)  Improvements are implemented.]
[5)  The effectiveness of implemented improvements is evaluated.]
Requirements ISO 9001:2015, 9.1.3, Analysis and evaluation [2]
traceability
ISO 9001:2015, 9.3.3, Management review outputs [1]
ISO 9001:2015, 10.1, General [1]
ISO 9001:2015, 10.3, Continual improvement [1]
5.6 COM.05 Internal audit
Process ID COM.05
Name Internal audit
Purpose The purpose of internal audit is to independently determine conformity of the man-
agement system, products, services, and processes to the requirements, policies,
plans and agreements, as appropriate.
Outcomes As a result of successful implementation of this process:
1)  The scope and purpose of each audit is defined.
2)  The objectivity and impartiality of the conduct of audits and selection of audi-
tors are assured.
3)  Conformity of selected services, products and processes with requirements,
plans and agreements is determined.
Requirements ISO 9001:2015, 9.2.1 [3]
traceability
ISO 9001:2015, 9.2.2 [1][2][3]

© ISO/IEC 2019 – All rights reserved 5

5.7 COM.06 Management review
Process ID COM.06
Name Management review
Purpose The purpose of management review is to assess the performance of the manage-
ment system, to identify and make decisions regarding potential improvements.
Outcomes As a result of successful implementation of this process:
1)  The objectives of the review are established.
2)  The status and performance of an activity or process are assessed in terms of
the established objectives.
3)  Risks, problems and opportunities for improvement are identified.
Requirements ISO 9001:2015, 9.3.1, General [2]
traceability
ISO 9001:2015, 9.3.2, Management review inputs [1]
ISO 9001:2015, 9.3.3, Management review outputs [3]
5.8 COM.07 Non-conformity management
Process ID COM.07
Name Non-conformity management
Purpose The purpose of the non-conformity management process is to resolve non-conform-
ities and to eliminate their causes when appropriate.
Outcomes As a result of successful implementation of this process:
1)  Non-conformities are identified.
2)  Non-conformities are resolved and closed.
3)  The cause(s) of selected non-conformities is determined.
4)  The need for action to eliminate the causes of non-conformities is evaluated.
5)  A selected action proposal is implemented.
6)  The effectiveness of changes to eliminate the non-conformities is confirmed.
Requirements ISO 9001:2015, 7.1.5.2, Measurement traceability [1]
traceability
ISO 9001:2015, 7.4, Communication [5]
ISO 9001:2015, 9.2.2 [1]
ISO 9001:2015, 10.2.1 [1][2][3][4][5][6]
5.9 COM.08 Operational planning
Process ID COM.08
Name Operational planning
Purpose The purpose of operational planning is to define the characteristics of all operation-
al and organizational processes, and to plan their execution.
6 © ISO/IEC 2019 – All rights reserved

Outcomes As a result of successful implementation of this process:
1)  Process requirements are identified.
2)  Process input and output products are determined.
3)  The set of activities that transform the inputs into outputs is determined.
4)  The sequence and interaction of the process with other processes is determined.
5)  The required competencies and roles for performing the process are identified.
6)  The required resources for performing the process are identified.
7)  Methods for monitoring the effectiveness and suitability of the process are
determined.
8)  Plans for the deployment of the process are developed.
Requirements ISO 9001:2015, 4.4.1, [2][4][5][6][7]
traceability
ISO 9001:2015, 5.2.1, Establishing the quality policy [1]
ISO 9001:2015, 5.3, Organizational roles, responsibilities and authorities [5]
ISO 9001:2015, 6.1.1 [1][8]
ISO 9001:2015, 6.1.2 [8]
ISO 9001:2015, 6.2.2 [1][5][6][7][8]
ISO 9001:2015, 6.3, Planning of changes [1]
ISO 9001:2015, 7.1.1, General [6]
ISO 9001:2015, 7.1.3, Infrastructure [1]
ISO 9001:2015, 7.1.4, Environment for the operation of processes [1]
ISO 9001:2015, 7.1.5.1, General [1]
ISO 9001:2015, 7.5.2, Creating and updating [1]
ISO 9001:2015, 8.1, Operational planning and control [1][2][4][6]
ISO 9001:2015, 8.2.1, Customer communication [1]
ISO 9001:2015, 8.3.2, Design and development planning [8]
ISO 9001:2015, 8.3.4, Design and development controls [1]
ISO 9001:2015, 8.5.1, Control of production and service provision [3][4][5][6][7]
ISO 9001:2015, 9.1.1, General [8]
ISO 9001:2015, 9.2.1 [8]
ISO 9001:2015, 9.2.2 [8]
ISO 9001:2015, 9.3.1, General [8]
ISO 9001:2015, 9.3.2, Management review inputs [8]
5.10 COM.09 Operational implementation and control
Process ID COM.09
Name Operational implementation and control
Purpose The purpose of the operational implementation and control process is to deploy and
control the execution and performance of operational and organizational processes.
© ISO/IEC 2019 – All rights reserved 7

Outcomes As a result of successful implementation of this process:
1)  The required roles, responsibilities and authorities are allocated.
2)  The required resources are allocated and applied.
3)  Actions required to achieve the management system objectives are implemented.
4)  Suitability and effectiveness of the actions taken to achieve the management
system objectives are reviewed.
5)  Deviations from planned arrangements are corrected when targets are not
achieved.
6)  Data is collected and analysed as a basis for understanding the behaviour of,
and to demonstrate the suitability and effectiveness of the processes.
Requirements ISO 9001:2015, 4.1, Understanding the organization and its context [4]
traceability
ISO 9001:2015, 4.2, Understanding the needs and expectations of interested par-
ties [4]
ISO 9001:2015, 5.2.1, Establishing the quality policy [3][4]
ISO 9001:2015, 5.3, Organizational roles, responsibilities and authorities [1]
ISO 9001:2015, 7.1.1, General [2]
ISO 9001:2015, 7.1.2, People [2]
ISO 9001:2015, 7.1.3, Infrastructure [3]
ISO 9001:2015, 7.1.4, Environment for the operation of processes [3][4]
ISO 9001:2015, 7.1.5.1, General [2][3]
ISO 9001:2015, 7.2, Competence [4]
ISO 9001:2015, 8.1, Operational planning and control [3][4][5]
ISO 9001:2015, 8.2.3.1 [4]
ISO 9001:2015, 8.4.3, Information for external providers [4]
ISO 9001:2015, 8.5.1, Control of production and service provision [3]
ISO 9001:2015, 9.1.3, Analysis and evaluation [6]
ISO 9001:2015, 9.2.2 [3][4]
5.11 COM.10 Performance evaluation
Process ID COM.10
Name Performance evaluation
Purpose The purpose of performance evaluation is to collect and analyse data that will be
used to evaluate the performance of the management system and the business pro-
cesses in terms of the defined objectives.
Outcomes As a result of successful implementation of this process:
1)  Performance monitoring and measurement needs are defined.
[2)  Performance measures, derived from the performance measurement needs,
are identified.]
3)  Performance measurement methods, supportive of the performance measures,
are identified.
4)  Data is collected using the identified performance measurement methods.
5)  The collected performance data is analysed.
8 © ISO/IEC 2019 – All rights reserved

Requirements ISO 9001:2015, 9.1.1, General [1][3][4]
traceability
ISO 9001:2015, 9.1.2, Customer satisfaction [1][3]
ISO 9001:2015, 9.1.3, Analysis and evaluation [5]
5.12 COM.11 Risk management
Process ID COM.11
Name Risk management
Purpose The purpose of risk management is to identify, analyse, evaluate, treat and moni-
tor risks.
Outcomes As a result of successful implementation of this process:
[1)  Criteria for the assessment of risks and the acceptable level of risk are identified.]
2)  Risks are identified.
[3)  Identified risks are analysed.]
[4)  Risks are evaluated against defined criteria.]
[5)  Risks are selected for treatment.]
6)  Selected risks are treated.
Requirements ISO 9001:2015, 6.1.2 [6]
traceability
ISO 9001:2015, 10.2.1 [2]
5.13 ORG.01 Asset management
Process ID ORG.01
Name Asset management
Purpose The purpose of the asset management process is to establish and maintain the in-
tegrity of all identified product assets.
Outcomes As a result of successful implementation of this process:
1)  Items requiring asset management are identified.
2)  Asset status is known.
[3)  Changes to assets under management are controlled.]
4)  The integrity of assets is assured.
Requirements ISO 9001:2015, 8.5.3, Property belonging to customers or external providers [1][2][4]
traceability
5.14 ORG.02 Measurement resource management
Process ID ORG.02
Name Measurement resource management
Purpose The purpose of the measurement resource management process is to ensure that
measurement resources used to perform tests and calibrations is acquired, con-
trolled and maintained.
© ISO/IEC 2019 – All rights reserved 9

Outcomes As a result of successful implementation of this process:
[1)  Requirements for measurement resources are defined.]
[2)  Measurement resources for performing tests and calibrations is acquired.]
3)  Measurement resource items are identified.
4)  The calibration status of measurement resource items is confirmed at
appropriate intervals.
[5)  Measurement resources are maintained in accordance with defined re-
quirements.]
6)  Mal-performing measurement resources are segregated and controlled in order
to avoid unintended use.
Requirements ISO 9001:2015, 7.1.5.2, Measurement traceability [3][4][6]
traceability
5.15 ORG.03 Supplier management
Process ID ORG.03
Name Supplier management
Purpose The purpose of the supplier management process is to ensure supplier products/
services are managed and integrated into the delivered product/service to meet the
agreed requirements.
Outcomes As a result of successful implementation of this process:
[1)  Suppliers are identified.]
[2)  Products/services to be provided are negotiated with each supplier.]
[3)  Determine the roles and relationships between the organization and its suppli-
ers and, where applicable, between suppliers.]
[4)  The capability of subcontracted suppliers to meet obligations is confirmed.]
[5)  Supplier obligations to meet requirements are monitored.]
6)  Supplier performance against agreed criteria is monitored.
Requirements ISO 9001:2015, 9.1.3 Analysis and evaluation [6]
traceability
5.16 TEC.01 Configuration management
Process ID TEC.01
Name Configuration management
Purpose The purpose of the configuration management process is to identify, control, re-
cord, track, report and verify all identified product/service components.
Outcomes As a result of successful implementation of this process:
1)  Items requiring configuration management are identified.
2)  The status of configuration items and modifications is known.
[3)  Changes to items under configuration management are controlled.]
[4)  The integrity of systems, products/services and product/service components is
assured.]
[5)  The configuration of released items is controlled.]
10 © ISO/IEC 2019 – All rights reserved

Requirements ISO 9001:2015, 8.5.2, Identification and traceability [1][2]
traceability
5.17 TEC.02 Process changes
Process ID TEC.02
Name Process changes
Purpose The purpose of the process change process is to manage changes in order to im-
prove the effectiveness and/or efficiency of the process.
Outcomes As a result of successful implementation of this process:
1)  Process change requests are classified.
2)  Process change requests are assessed using defined criteria.
3)  Process changes are implemented, as appropriate.
Requirements ISO 9001:2015, 8.5.6, Control of changes [1][2][3]
traceability
5.18 TEC.03 Product/service changes
Process ID TEC.03
Name Product/service changes
Purpose The purpose of the product/service change process is to manage changes through
the product/service lifecycle.
Outcomes As a result of successful implementation of this process:
1)  Product/service change requests are identified and classified.
2)  Product/service change requests are assessed using defined criteria.
3)  Product/service changes are implemented, as appropriate.
Requirements ISO 9001:2015, 8.3.6, Design and development changes [1][2][3]
traceability
5.19 TEC.04 Product/service design
Process ID TEC.04
Name Product/service design
Purpose The purpose of the product/service design process is to provide a design for the
product/service that implements the requirements and can be verified against the
requirements.
Outcomes As a result of successful implementation of this process:
1)  Design for each product/service component is developed in accordance with
defined requirements.
2)  External and internal interfaces for each product/service component are defined.
Requirements ISO 9001:2015, 8.3.5, Design and development outputs [1][2]
traceability
5.20 TEC.05 Product/service planning
Process ID TEC.05
Name Product/service planning
© ISO/IEC 2019 – All rights reserved 11

Purpose The purpose of the product/service planning process is to produce effective and
workable plans to direct product and/or service plan implementation.
Outcomes As a result of successful implementation of this process:
[1)  The objectives for the scope of the work associated with the development of the
product/service are defined.]
[2)  The feasibility of achieving the objectives of the product/service development
with available resources and constraints are evaluated.]
[3)  The tasks and resources necessary to complete the product/service develop-
ment are sized and estimated.]
[4)  The responsibilities and authorities needed at each stage of product/service
development are identified.]
[5)  Interfaces between customer and relevant interested parties are identified.]
6)  Plans for the development of the product/service are developed.
Requirements ISO 9001:2015, 8.3.4, Design and development controls [6]
traceability
5.21 TEC.06 Product/service quarantine
Process ID TEC.06
Name Product/service quarantine
Purpose The purpose of the product/service quarantine process is to ensure that products/
services that do not meet customer requirements are controlled with a view to
prevent unintended use.
Outcomes As a result of successful implementation of this process:
1)  Product/service that does not conform to requirements is identified.
2)  Nonconforming product/service is placed under quarantine.
3)  Alternative approaches are identified regarding disposition of the nonconform-
ing product/service.
4)  Agreed actions are taken regarding disposition of nonconforming product/
service.
5)  Product/service that has been corrected is re-verified to demonstrate conform-
ity to requirements.
[6)  Action is taken to prevent re-occurrence of the identified product/service non-
conformity.]
7)  Product/service is released from quarantine when authorised.
Requirements ISO 9001:2015, 8.7.1 [1][2][3][4][5][7]
traceability
5.22 TEC.07 Product/service requirements
Process ID TEC.07
Name Product/service requirements
Purpose The purpose of the product/service requirements process is to establish and agree
the requirements for products and/or services.
12 © ISO/IEC 2019 – All rights reserved

Outcomes As a result of successful implementation of this process:
1)  The required characteristics and context of use of products/services are
identified.
2)  The constraints for a product/service solution are defined.
3)  The requirements for the product/service are defined.
[4)  The requirements for validating the product/service are defined.]
Requirements ISO 9001:2015, 8.1, Operational planning and control [3]
traceability
ISO 9001:2015, 8.2.2, Determining the requirements for products and services [3]
ISO 9001:2015, 8.2.3.2 [3]
ISO 9001:2015, 8.3.3, Design and development inputs [1][2][3]
5.23 TEC.08 Product/service review
Process ID TEC.08
Name Product/service review
Purpose The purpose of the product/service review process is to maintain a common
understanding with customer what should be done to help ensure development of
a product/service that meets the customer and relevant interested party require-
ments. Product/service reviews are held at both management and technical levels
throughout the product/service lifecycle.
Outcomes As a result of successful implementation of this process:
[1)  Criteria for the review of product/service is identified.]
[2)  Review participants are identified.]
3)  Required review activities are performed.
4)  Action items are identified.
Requirements ISO 9001:2015, 8.3.4, Design and development controls [3][4]
traceability
5.24 TEC.09 Product/service supply
Process ID TEC.09
Name Product/service supply
Purpose The purpose of the product/service supply process is to provide product/service to
meet the agreed customer requirements.
Outcomes As a result of successful implementation of this process:
[1)  Product/service request(s) received from the customer are confirmed.]
2)  Product/service request(s) are evaluated in terms of mandated product/service
delivery criteria.
3)  A response to a customer's product/service request is produced.
4)  An agreement is established between the customer and the supplier for provid-
ing the product/service.
5)  The product/service is provided to the customer in accordance with the agreed
requirements.
6)  Conformity to applicable stated and implied customer and supplier require-
ments by internal processes and/or product/service provided is verified.
© ISO/IEC 2019 – All rights reserved 13

Requirements ISO 9001:2015, 8.2.2, Determining the requirements for products and services [2]
traceability
ISO 9001:2015, 8.2.3.1 [2][3]
ISO 9001:2015, 8.2.3.2 [2]
ISO 9001:2015, 8.3.5, Design and development outputs [4][6]
ISO 9001:2015, 8.6, Release of products and services [5][6]
5.25 TEC.10 Product/service validation
Process ID TEC.10
Name Product/service validation
Purpose The purpose of the product/service validation process is to confirm that the re-
quirements for a specific intended use of the product/service are fulfilled.
Outcomes As a result of successful implementation of this process:
[1)  Products/services to be validated are selected.]
[2)  Criteria for validation of all required process results are identified.]
3)  Required validation activities are performed.
[4)  Problems are identified.]
Requirements ISO 9001:2015, 8.3.4, Design and development controls [3]
traceability
5.26 TEC.11 Product/service verification
Process ID TEC.11
Name Product/service verification
Purpose The purpose of the product/service verification process is to confirm that each
product/service properly reflects the specified requirements.
Outcomes As a result of successful implementation of this process:
[1)  Products/services to be verified are selected.]
[2)  Criteria for verification of all required process results is identified.]
3)  Required verification activities are performed.
[4)  Defects are identified.]
Requirements ISO 9001:2015, 8.3.4, Design and development controls [3]
traceability
ISO 9001:2015, 8.6, Release of products and services [3]
5.27 TOP.01 Leadership
Process ID TOP.01
Name Leadership
Purpose The purpose of Leadership is to direct the organization in the achievement of its vi-
sion, mission, strategy and goals, through assuring the definition of a management
system, a management system policy, and management system objectives.
14 © ISO/IEC 2019 – All rights reserved

Outcomes As a result of successful implementation of this process:
1)  The context of the organization, including the expectations of its relevant inter-
ested parties, are understood and analysed.
2)  The scope of management system activities is defined, taking the context of the
organization into consideration.
3)  The management system policy and objectives are defined.
4)  The management system and operational process strategy is determined.
5)  Commitment and leadership with respect to the management system is demon-
strated.
Requirements ISO 9001:2015, 4.1, Understanding the organization and its context [1]
traceability
ISO 9001:2015, 4.2, Understanding the needs and expectations of interested par-
ties [1]
ISO 9001:2015, 4.3, Determining the scope of the quality management system [2]
ISO 9001:2015, 4.4.1 [4]
ISO 9001:2015, 4.4.2 [4]
ISO 9001:2015, 5.1.1, General [3][5]
ISO 9001:2015, 5.1.2, Customer focus [5]
ISO 9001:2015, 5.2.1, Establishing the quality policy [3]
ISO 9001:2015, 6.2.1 [3]
ISO 9001:2015, 6.3, Planning of changes [4]
ISO 9001:2015, 7.1.6, Organizational knowledge [4]
ISO 9001:2015, 7.5.1, General [4]
ISO 9001:2015, 7.5.3.2 [4]
ISO 9001:2015, 8.1, Operational planning and control [4]
ISO 9001:2015, 8.3.1, General [4]
ISO 9001:2015, 8.4.1, General [4]
ISO 9001:2015, 8.4.2, Type and extent of control [4]
ISO 9001:2015, 8.5.1, Control of production and service provision [4]
ISO 9001:2015, 8.5.3, Property belonging to customers or external providers [4]
ISO 9001:2015, 8.5.4, Preservation [4]
ISO 9001:2015, 8.5.5, Post-delivery activities [4]
ISO 9001:2015, 9.1.1, General [4]
ISO 9001:2015, 10.3, Continual improvement [4]
© ISO/IEC 2019 – All rights reserved 15

Annex A
(informative)
The relationship bet
...