TL 9000 Requirements: Not Applicable Or Not Available?
Requirements that are not applicable
As you probably know, effective with ISO 9001:2015 and, consequently, with TL 9000:2016 (R6), an organization no longer excludes requirements: it declares them to be not applicable. Did the significance of this terminology shift go over your head, as it did mine? The wording around it was tweaked slightly between ISO 9001:2008’s clause 1.2 and ISO 9001:2015’s clause 4.3; but the only meaningful change seems to be that any requirement in the standard may now be declared not applicable, whereas only clauses from ISO 9001:2008’s section 7 (and any TL 9000 additional requirement) could be excluded.
The standards have not changed in their requirement that the organization provide its justifications for any requirements declared not applicable (N/A), and document those justifications in connection with its QMS scope. And, in the case of TL 9000 specifically, the N/A clauses must also be identified in the organization’s TL 9000 registration profile at tl9000.org, per clause 4.3.C.1 Declaration of Requirement and Measurement Applicability (a new adder in R6).
When not to declare a requirement as N/A
TL 9000’s clause 4.3.C.1 comes with a couple of notes, the first of which, 4.3.C.1-NOTE 1, describes the cases in which a requirement does not need to be declared not applicable, even though it is so.
Unless your registration specialty is HSV (hardware, software and services), not every requirement in TL 9000 is going to be applicable to you. If, for example, your registration specialty is a simple H for hardware, then any TL 9000 adder which includes only an S or a V (e.g., 8.5.5.S.1 Software Patching Information, or 8.5.1.V.2 Mechanical Tool Changes) is automatically not applicable and therefore needn’t be declared N/A either in your QMS documentation or in your TL profile. Similarly, if your registration specialty is V – Services, then any clause with just an H, or an S, or an HS, is automatically N/A. So don’t waste your time declaring them as N/A.
Some requirements are also automatically N/A for certain product and service categories, where this is stated in the requirement itself or in an accompanying note. Two common examples:
8.2.1.C.1 Problem Severity Classification – As the requirement itself says, this adder is not applicable to organizations whose product and service category or categories do not require problem reporting by severity level – i.e., anything in category 7 (Service Products) or 8 (Components and Subassemblies): ref. Measurements Handbook clause 5.1.4.
8.2.1.V.1 Notification About Critical Service Disruption – 8.2.1.V.1-NOTE states that “This requirement is applicable only to organizations that supply services to end-customers.” This prompts many organizations to declare 8.2.1.V.1 not applicable. Actually, it’s intended to save you the trouble of doing so, as it should be obvious from your choice of product and service category or categories (not to mention your scope statement) whether or not your organization is a service provider to end users.
Not applicable... or not available?
When you’ve gone into your TL profile to add your Requirements Handbook R6.0 N/A requirements, you may have noticed that many of the RHB clauses are not available in the dropdown menu – in fact, you may have been alarmed to find that one of your N/A clauses is not there in the list! This isn’t a glitch in the Registration Management System software: many requirements have been intentionally left out of the list so that they may not be declared N/A.
One of these is 8.2.1.V.1 (mentioned above) because, if your organization provides services to end users, you can’t declare it N/A (and, if your organization doesn’t, you don’t have to); so there’s no point in including it in the menu. But a number of other requirements are not in the list because, in the judgment of QuEST Forum, there’s no legitimate rationale for any organization to claim that they are not applicable. Some of these may surprise you; but, be assured, there are reasons for them.
One of these is the 220.127.116.11 General clause under 7.1.5 Monitoring and measuring resources. Every organization is required to perform monitoring and measuring of its processes, products and services. To do that, it needs monitoring and measuring resources; and they have to be fit for purpose. That’s what 18.104.22.168 is talking about – even if, say, those resources are just people’s eyeballs. Now, not all resources need measurement traceability, which is what 22.214.171.124 is about: so 126.96.36.199 can be declared N/A; but 188.8.131.52 cannot, because in principle it applies to every organization.
Another example is 8.1.C.3 End of Life Planning. Although it’s obvious how this requirement applies to hardware and software products, many service organizations have not seen the relevance for them (if they stopped providing the service they provide, they’d be going out of business!); so they’ve been in the habit of excluding it. But, even in that extreme case of a company closing up shop and ceasing to provide services, does it not owe its current customers some kind of communication? Might there not be some customer-supplied documents or data to be dealt with? Some leftover materials, possibly customer- or supplier-owned? A service organization’s EOL plan may be very simple; but it still ought to have one, and so 8.1.C.3 can’t be declared N/A.
If you believe you should be declaring a certain requirement N/A, but you don’t see it in the dropdown menu, what should you do? Feel free to reach out to your certification body (CB) lead auditor or TL 9000 program manager, or to QuEST Forum via Contact Us, for help in understanding how the requirement actually applies to your organization.
Public and private profiles
Be aware that most changes you make to your TL 9000 profile (such as adding R6.0 N/A requirements) are being made to your private profile only, and will not appear in your public profile until your CB has approved them. In the case of N/A requirement declarations, this typically won’t happen until your CB has performed its next audit of your organization and confirmed the validity of your justifications for them. Be prepared to have a conversation with your CB auditor(s) about them.
Oh, and please make sure that the requirements that are declared not applicable in your QMS’s documented information match the list in your private profile.
Author: Rick Hill, TL 9000 Program Manager