What Is Clause 8.3 and Why Does It Matter?
If your business designs products or develops services before delivering them to customers, Clause 8.3 of ISO 9001:2015 applies directly to you. It covers the entire design and development process, from the initial planning stage through to the final output that gets handed over to production or delivery. It is one of the more detailed clauses in the standard, and it trips up a lot of organisations during certification audits.
On this page
The clause exists for a good reason. Poor design is one of the most expensive quality failures a business can experience. Catching a design flaw at the concept stage costs a fraction of what it costs to fix it after production has started, or worse, after a customer has already received the product. Clause 8.3 gives you a structured framework to reduce that risk.
It is worth noting that this clause is one of the few in ISO 9001 where organisations can apply an exclusion. If your business does not carry out any design or development activities, meaning you manufacture or deliver entirely to customer-provided specifications, you may be able to exclude this clause from your scope. However, that exclusion needs to be justified and documented. Auditors will challenge it if your business has any input into product or service specifications.
The Structure of Clause 8.3: Seven Sub-Clauses
Clause 8.3 is broken into seven sub-clauses, each addressing a different phase or aspect of the design and development process. Understanding how they connect is important before you try to implement them.
8.3.1 General
This sub-clause simply states that your organisation must establish, implement and maintain a design and development process. It is the foundation. The standard does not prescribe exactly how your process must look, which gives you flexibility to design something that fits your industry and business model. What it does require is that the process is systematic and that you can demonstrate it is being followed.
8.3.2 Design and Development Planning
Planning is where most organisations either get this right or start to unravel. Clause 8.3.2 requires you to determine the nature, duration and complexity of your design activities. You also need to identify the stages involved, the review and verification points, and who is responsible for what.
There are several specific things the standard expects you to consider during planning. These include the resources needed, both human and infrastructure, any interfaces between different teams or functions involved in the design process, the level of customer and user involvement, and any requirements for handover to subsequent production or service delivery steps.
A practical way to document this is through a design and development plan. This does not need to be a lengthy document. For a small product company, it might be a one-page project plan that maps out the design stages, who is responsible, and when reviews will occur. For a more complex engineering organisation, it will naturally be more detailed.
8.3.3 Design and Development Inputs
Before you can design anything, you need to know what the design must achieve. Clause 8.3.3 requires you to identify and document the inputs to your design process. These inputs typically include functional and performance requirements, applicable legal and regulatory requirements, standards that must be met, information from previous similar designs, and any other requirements considered essential.
The standard also requires that inputs be adequate, complete and unambiguous. Conflicting inputs must be resolved before design work begins. This is a common audit finding in organisations that start design work based on vague or incomplete briefs from clients or internal stakeholders.
A real-world example here is useful. Imagine a manufacturer developing a new industrial valve. The design inputs would include the pressure and temperature ratings required, the relevant Australian Standards or international standards the valve must comply with, material specifications, dimensional constraints, and any lessons learned from previous valve designs that had field failures. All of these need to be captured and reviewed before the drawing board gets touched.
8.3.4 Design and Development Controls
This is the heart of the clause. Clause 8.3.4 requires you to apply controls throughout the design and development process. Those controls take three specific forms: reviews, verification, and validation.
Design reviews involve evaluating the design at planned stages to check that it is meeting its requirements. Reviews should involve people with relevant competence, and the results need to be recorded. A common mistake is treating design reviews as a rubber stamp exercise. An auditor will look at whether your review records show genuine evaluation and any issues that were identified and addressed.
Design verification is the process of confirming that the design outputs meet the design inputs. In simple terms, it answers the question: did we build what we said we would build? Verification activities might include calculations, prototype testing, comparison with proven designs, or alternative calculations. The outputs of verification must be recorded.
Design validation goes a step further. It confirms that the resulting product or service will actually meet the needs of the intended use or application. Verification checks the design against its specification. Validation checks the design against its intended purpose in the real world. These are two different things, and auditors know the difference. If you want a detailed explanation of how these two concepts differ, the article on the difference between verification and validation in ISO covers this clearly.
The standard also requires that you take actions on any problems identified during reviews, verification or validation. Simply recording that a problem exists without addressing it is not sufficient.
8.3.5 Design and Development Outputs
Clause 8.3.5 addresses what comes out of the design process. Design outputs must meet the input requirements and must be adequate for the subsequent processes of production, service delivery or procurement. They must also include or reference monitoring and measuring requirements, and specify the characteristics of the product or service that are essential for its intended purpose.
In practice, design outputs might include engineering drawings, specifications, bills of materials, software code, service procedures, or formulations. Whatever form they take, they need to be documented and retained as evidence. The outputs must also be reviewed and approved before being released for use.
8.3.6 Design and Development Changes
Designs rarely stay static. Components get changed, customer requirements evolve, or testing reveals that something needs to be modified. Clause 8.3.6 requires you to identify, review and control changes made during or after the design and development of products and services.
The review of changes must consider the potential impact on the product or service as a whole, including any effects on already-delivered products or services. Changes must be authorised before implementation, and records of the changes, the reviews, and any authorisations must be retained.
This is an area where organisations frequently get caught out. A design change is made informally, without going through the proper review process, and the change creates a downstream quality problem. An effective change control process prevents this from happening.
8.3.7 Design and Development Outputs (External Provision)
Wait, there is no 8.3.7 in the standard. The clause structure ends at 8.3.6. However, it is worth noting that the outputs from design and development feed directly into Clause 8.4, which covers the control of externally provided processes, products and services. If your design outputs are passed to external suppliers for manufacturing or delivery, those handover requirements become part of your purchasing and supplier control processes.
Who Does Clause 8.3 Apply To?
This is a question worth spending time on, because the answer is broader than many organisations expect. The obvious candidates are manufacturers who design their own products. But Clause 8.3 also applies to service organisations that develop new service offerings before delivering them.
Consider a consulting firm that develops a new training programme. The programme has to be designed, tested, and refined before it is delivered to clients. That is a design and development process. Or think about a software company building a custom application. The development cycle from requirements through to deployment is design and development in the context of this clause.
Even some construction companies, professional services firms, and healthcare organisations have design and development activities that fall within the scope of this clause. The key question to ask is whether your organisation makes decisions about what the product or service will be, or whether you simply execute to a specification provided entirely by someone else.
If you are still working out what your ISO 9001 scope should cover, the guide on limiting the scope of your ISO 9001 certification is worth reading before you finalise your approach.
Common Audit Findings Under Clause 8.3
Having spent years auditing organisations against ISO 9001, certain patterns come up repeatedly under this clause. Knowing them in advance will save you from an embarrassing nonconformance during your certification audit.
Incomplete or Vague Design Inputs
Organisations often start design work before inputs have been properly defined. The brief from the client or internal team is ambiguous, conflicting requirements have not been resolved, or applicable regulatory requirements have not been identified. Auditors will ask to see your design inputs and will probe whether they were adequate before work commenced.
No Evidence of Reviews or Verification
Many organisations carry out design reviews informally, through conversations and emails, without creating any structured records. When an auditor asks for evidence of design reviews, there is nothing to show. The review does not need to be a formal board meeting, but it does need to be documented. A simple review checklist or meeting minutes that reference the design stage and any issues identified is sufficient.
Validation Not Performed or Confused With Verification
As mentioned earlier, validation and verification are different activities. Organisations frequently document verification activities and call them validation. An auditor will ask what evidence you have that the product or service meets its intended use in real conditions, not just that it meets the specification on paper.
Change Control Not Applied Consistently
Design changes made outside the formal change control process are a frequent finding. This is particularly common in fast-moving product development environments where teams feel the formal process slows them down. The solution is not to remove the process but to make it proportionate and practical so that people actually use it.
Exclusion Claimed Without Justification
Some organisations attempt to exclude Clause 8.3 when they actually do carry out design activities. Auditors will look at your products and services and ask questions. If it becomes apparent that you make design decisions, the exclusion will not hold. Be honest in your assessment of whether this clause applies.
Practical Steps to Implement Clause 8.3
Here is a straightforward approach to getting this clause implemented properly, without creating unnecessary bureaucracy.
Step 1: Determine Whether the Clause Applies
Start by honestly assessing whether your organisation carries out design and development activities. If you do, identify the scope of those activities and document your rationale. If you genuinely do not, document your justification for the exclusion clearly.
Step 2: Map Your Existing Design Process
Most organisations that do design work already have some kind of process, even if it is informal. Map it out. Identify the stages, the decision points, who is involved, and what outputs are produced at each stage. This gives you a baseline to work from.
Step 3: Establish a Design and Development Plan Template
Create a simple template that captures the planning requirements of Clause 8.3.2. This should include the scope of the design activity, the stages and timeline, the people involved and their responsibilities, the review and verification points, and any specific regulatory or customer requirements.
Step 4: Define Your Input and Output Requirements
Create a checklist or template for capturing design inputs at the start of each project. Include a sign-off step to confirm inputs are adequate before work begins. Similarly, define what your design outputs must include before they are released for production or delivery.
Step 5: Formalise Your Review, Verification and Validation Activities
Decide what evidence you will create at each stage. This does not need to be elaborate. A review record that captures the date, who was involved, what was reviewed, any issues identified, and the outcome is entirely sufficient. For verification and validation, document the method used and the results obtained.
Step 6: Implement a Change Control Process
Design a simple change request process that requires changes to be assessed for impact before implementation. Even a one-page form that captures the change description, the reason for the change, the impact assessment, and the authorisation signature will satisfy the standard.
For more guidance on how documentation fits into your broader quality management system, the article on controlled documents and how to implement them is a practical resource.
Clause 8.3 in the Context of the Broader ISO 9001 Standard
Clause 8.3 does not sit in isolation. It connects directly to several other parts of the standard. Your design inputs will draw on the customer requirements captured under Clause 8.2. Your design outputs feed into the production and service delivery controls under Clause 8.5. The risks associated with design activities should be addressed through your risk and opportunity management processes under Clause 6.1.
Leadership commitment under Clause 5 is also relevant here. Design and development requires resources, time, and skilled people. Without genuine commitment from senior management to provide those resources, the process will be inadequate regardless of how well you document it.
The ISO 9001:2015 standard itself provides the authoritative source for understanding the exact requirements of each clause, and it is worth reading the clause text directly alongside any guidance material.
If you are working through the standard clause by clause, the guide to Clause 9 on performance evaluation is a useful next step once you have Clause 8 under control.
A Note on Proportionality
One thing that confuses smaller businesses is the assumption that implementing Clause 8.3 requires a large engineering department and a formal stage-gate process borrowed from a multinational. It does not. The standard explicitly acknowledges that the extent of design and development controls should be determined based on the nature, duration and complexity of the activities involved.
A small business designing a new product line does not need the same process as a defence contractor. What it does need is a process that is appropriate to its context, consistently applied, and properly documented. Keep it proportionate. A three-stage process with simple review records is far better than a twelve-stage process that nobody follows.
Getting Help With Clause 8.3 Implementation
If you are working through ISO 9001 implementation and finding Clause 8.3 more complex than expected, you are not alone. This clause requires genuine process thinking, and getting it right the first time is much easier with guidance from someone who has seen how auditors approach it in practice.
CertBetter connects businesses with verified ISO consultants and accredited certification bodies across Australia and globally. You submit one form, and you receive up to three competing quotes from vetted providers who understand your industry. The service is completely free for businesses seeking certification help. Whether you are implementing ISO 9001 for the first time or addressing gaps found in a previous audit, getting the right expert in your corner makes a significant difference to the outcome.
