ISO 9001:2015 clauses 8.4.1 – 8.4.3 and requires that external providers must be controlled and their performance be evaluated.   This 9001 clause applies to IATF 16949, AS9100D, 13485, 14001 45001, and ISO 27001.  Effectively there is almost no difference between purchasing a service and outsourcing of a process.

What processes are outsourced, and how are they controlled?

Usually, outsourced processes include things like:

• component manufacturing
• accounting
• maintenance
• transportation
• IT support
• warehousing & distribution
• banking & finance
• legal
• consultant/auditor

Internal and certification audits take into account Outsourced Processes & Products.  ISO Standard 8.4.1 covers how organizations address external outsource vendors.

ISO 9001: 2015 & ISO / IATF 16949 Process Mapping / Interaction

There is quite a bit of confusion regarding the documentation of the interaction of Processes (Sometimes referred to as Customer Orientated Processes {COP’s}, Manufacturing Orientated Processes {MOP’s} and Support Orientated Processes {SOP’s} required by ISO 9001: 20015and IATF 16949 and also helpful for ISO 9001. Many companies have added additional documents to meet the requirements of documenting the process interactions including “Turtle Documents” and “Line of sight” flow diagrams. While these documents typically assist in meeting the requirements, they usually do not identify process interactions or support processes adequately. Also, and very importantly, they add yet another set of documents that need to be controlled and understood by related staff. However, if done correctly these process interaction diagrams can actually reduce the amount of documentation and increase the effectiveness.

Section 4.4.1 requires documentation of quality management processes and their “sequence and interaction.”

Now, what does that mean?

Processes have inputs and outputs and are managed by a series of activities. For instance, Verification of Purchased Product, 7.4.3, is a process (dinosaurs who wondered the earth during the ISO9000:1994 era refer to this as receiving inspection). This process has inputs such as supplier evaluation, prints and purchase orders. The outputs may include a receiving inspection log, tags, labels and routers. Activities usually include receiving, inspecting, documenting, identifying and staging.
Where do we start?

First, assign a team that represents all departments.

Next, draw a “sequence of processes flowchart.” This is simply a diagram of the major processes in your system from Quoting to Shipping. This is also called a “line-of-sight diagram.”

Now, diagram the activities associated with each step. Be sure to include all departments in this exercise.

What is in ISO 9001:2015 and what is not. Listen to Brandon Kerkstra give a brief overview in this lesson from the online ISO 9001:2015 course.

What ISO 9001:2015 DOES Include		What is NOT in ISO 9001:2015
Requires an organization to have the information (documents, procedures, etc.) and records required for effective business planning and implementation		Requiring a change in your document identification system. It is your decision.
Focus on Strategic thinking. Language is Context of Organization		Describing HOW to conduct strategic planning
Focus on risk based thinking to be initiated at the strategic level or Context of Organization		Requiring risk assessment, risk management, risk treatment, and use of formal risk tools
It is arranged so all ISO Management systems will be aligned=one system		Divergent systems are permitted at this time
		Click play to listen to brandon